Lucene search

11 matches found

CVE
added 2026/05/06 11:28 a.m. | 5 views

CVE-2026-43272

CVE-2026-43272 concerns the Linux kernel ring-buffer component. The root cause is an uninitialized pointer in rb_meta_validate_events(), which can be dereferenced during a reader-page validation failure, potentially causing a system crash or instability. The issue is fixed by initializing orig_he...

CVSS 5.5 | AI score 5.7 | EPSS 0.00013
Exploits 0 | References 3 | Affected Software 1
SUSE CVE
added 2024/06/04 12:20 p.m. | 1 views

SUSE CVE-2024-26947

In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 "arm: extend pfn_valid to take into account freed memory map alignment" changes the semantics of pfn_valid to check presence of t...

CVSS 5.5 | AI score 6.2 | EPSS 0.00015
Exploits 0 | References 4
ATTACKERKB
added 2023/05/24 8:15 p.m. | 2 views

CVE-2023-25598

A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful...

CVSS 6.1 | AI score 6 | EPSS 0.00528
Exploits 0 | References 3
Prion
added 2022/04/26 7:15 p.m. | 13 views

Input validation

Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files...

CVSS 4.3 | AI score 6.3 | EPSS 0.003
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2022/03/30 12:0 a.m. | 2 views

WordPress plugin CleanTalk Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress application plugin. WordPress CleanTalk plugin 5.173 and earlier versions have a cross-sit...

CVSS 6.1 | AI score 5.7 | EPSS 0.00345
Exploits 3 | References 4
Cvelist
added 2018/10/23 9:0 p.m. | 16 views

CVE-2018-12901

A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 19.49.9400.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attack...

AI score 6.2 | EPSS 0.00255
Exploits 0 | References 1
Tenable Nessus
added 2016/04/01 12:0 a.m. | 35 views

Debian DSA-3536-1 : libstruts1.2-java - security update

It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

CVSS 7.5 | AI score 7.3 | EPSS 0.69459
Exploits 0 | References 3
OpenVAS
added 2016/03/31 12:0 a.m. | 24 views

Debian Security Advisory DSA 3536-1 (libstruts1.2-java - security update)

It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly. OpenVAS Vulnerability Test $Id: deb3536.nasl 6608 2017-07-07 12:05:05Z cfischer $...

CVSS 5 | AI score 0.4 | EPSS 0.69459
Exploits 0 | References 1
Hacker One
added 2014/05/10 9:23 p.m. | 53 views

Coinbase: Simultaneous Session Logon : Improper Session Management

Hi, I would like to report this bug related to improper simultaneous logon. Issue: 1 When a user is logged in to the application already authenticated, visits the login page https://coinbase.com/signin he/she should directly get redirected to their home page as there is already a session running...

AI score 6.9
Exploits 0
securityvulns
added 2005/08/31 12:0 a.m. | 25 views

FreeStyle Wiki Arbitrary Command Injection Vulnerability

Secunia Advisory: SA16612 Release Date: 2005-08-30 Critical: Moderately critical Impact: System access Where: From remote Solution Status: Vendor Patch Software: FreeStyle Wiki 3.x Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it. Description: A...

AI score 1.5
Exploits 0
Packet Storm
added 2005/07/28 12:0 a.m. | 19 views

beehiveVulns.txt

-------------------------------------- Beehive Forum Multiple Vulnerabilities -------------------------------------- Beehive Forum is affected by sql injection, xss, and path disclosure. Vulnerabilities --------------- 1 The $GET "webtag" parameter is on almost every page of the product and is...

AI score 7.4
Exploits 0