549 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: A race condition in an ODP MR has been fixed, which can lead to a CQE error. This patch addresses a race condition in an ODP MR where attempting to invalidate a range for the same freed lkey can trigger another task to...

CVSS 4.7 | AI score 6.2 | EPSS 0.00008
Exploits 0 | References 2
EUVD
added 2026/05/14 3:2 p.m. | 4 views

EUVD-2026-30306

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00062
Exploits 0 | References 1
Vulnrichment
added 2026/05/14 3:2 p.m. | 6 views

CVE-2026-44371 Open OnDemand: Specially crafted filenames can execute javascript in the file browser

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00062
Exploits 0 | References 1
CVE
added 2026/05/14 3:2 p.m. | 5 views

CVE-2026-44371

Open OnDemand (HPC portal) is affected prior to versions 4.0.11, 4.1.5, and 4.2.2. The issue allows specially crafted filenames to execute JavaScript in the file browser. The vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2. Impact is web/application-level, with JavaScript execution in the file...

CVSS 5.3 | AI score 5.9 | EPSS 0.00062
Exploits 0 | References 1
Cvelist
added 2026/05/14 3:2 p.m. | 34 views

CVE-2026-44371 Open OnDemand: Specially crafted filenames can execute javascript in the file browser

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

CVSS 5.3 | EPSS 0.00062
Exploits 0 | References 1
Positive Technologies
added 2026/05/14 12:0 a.m. | 5 views

PT-2026-40947

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute JavaScript in the file browser. This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...

CVSS 5.3 | AI score 5.9 | EPSS 0.00062
Exploits 0 | References 2
CNNVD
added 2026/05/14 12:0 a.m. | 5 views

Open OnDemand cross-site scripting vulnerability

Open OnDemand is an open-source software developed by the Ohio Supercomputer Center, designed for open-ended interactive HPC through web-based interfaces. Versions of Open OnDemand prior to 4.0.11, 4.1.5, and 4.2.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from...

CVSS 5.3 | AI score 5.6 | EPSS 0.00062
Exploits 0 | References 1
IBM Security Bulletins
added 2026/05/12 3:50 p.m. | 5 views

Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect Host on Demand.

Summary: There are vulnerabilities in IBM Semeru Runtime used by Host on Demand. Host on Demand has provided fixes for the applicable CVEs. Vulnerability Details: CVEID: CVE-2025-21587. DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...

CVSS 7.5 | AI score 7.1 | EPSS 0.00182
Exploits 0 | Affected Software 1
Github Security Blog
added 2026/05/07 12:8 a.m. | 10 views

wasmtime has a panic when allocating a table exceeding the size of the host's address space

Impact: Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated. This is possible with the WebAssembly memory64 proposal where tables ca...

CVSS 7.5 | AI score 6 | EPSS 0.00049
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/05/07 12:8 a.m. | 2 views

GHSA-P8XM-42R7-89XG wasmtime has a panic when allocating a table exceeding the size of the host's address space

Impact: Wasmtime's allocation logic for a WebAssembly table contained checked arithmetic which panicked on overflow. This overflow is possible to trigger, and thus panic, when a table with an extremely large size is allocated. This is possible with the WebAssembly memory64 proposal where tables ca...

CVSS 5.9 | AI score 6 | EPSS 0.00049
Exploits 0 | References 4
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode. When erofs_kill_sb is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache mode,...

CVSS 5.5 | AI score 6.5 | EPSS 0.00033
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR. Normally, zero filling would hide the missing initialization. However, setting desc_size in reg_create incorrectly causes a crash: BUG: Unable to handle a page fault f...

CVSS 5.5 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 2
AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: afs: Fixed the delayed allocation of a cell’s anonymous key. The allocation of a cell’s anonymous key is performed in a background thread, along with other cell-related operations such as making DNS calls. In the reported bug, th...

AI score 5.7 | EPSS 0.00081
Exploits 0 | References 1
GithubExploit
added 2026/04/28 11:8 p.m. | 67 views

ExploitSense

ExploitSense ExploitSense is a local-first vulnerability anal...

AI score 5.6
Exploits 0
SUSE CVE
added 2026/03/25 12:26 a.m. | 2 views

SUSE CVE-2026-28280

osctrl is an osquery management solution. Prior to version 0.5.0, a stored cross-site scripting (XSS) vulnerability exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The paylo...

CVSS 8.7 | AI score 6 | EPSS 0.00036
Exploits 0 | References 3
Fedora
added 2026/03/18 12:16 a.m. | 3 views

[SECURITY] Fedora 44 Update: systemd-259.5-1.fc44

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

CVSS 6.7 | AI score 5.8 | EPSS 0.0001
Exploits 0
Fedora
added 2026/03/11 12:17 a.m. | 2 views

[SECURITY] Fedora 44 Update: systemd-259.3-1.fc44

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

AI score 5.8
Exploits 0
OSV
added 2026/03/10 6:28 p.m. | 2 views

GO-2026-4576 osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List in github.com/jmpsec/osctrl

osctrl has Stored Cross-Site Scripting (XSS) in On-Demand Query List in github.com/jmpsec/osctrl...

CVSS 8.7 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 4
Packet Storm News
added 2026/03/09 12:0 a.m. | 2 views

Coverage-Guided Multi-Agent Harness Generation for Java Library Fuzzing

Coverage-guided fuzzing has proven effective for software testing, but targeting library code requires specialized fuzz harnesses that translate fuzzer-generated inputs into valid API invocations. Manual harness creation is time-consuming and requires deep understanding of API semantics,...

AI score 5.9
Exploits 0
RedhatCVE
added 2026/03/06 1:34 a.m. | 2 views

CVE-2026-26002

Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible...

CVSS 9.8 | AI score 5.8 | EPSS 0.00069
Exploits 0 | References 1