SUSE CVE-2026-43294

In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...

Siemens SIMATIC HMI Comfort Panels 安全漏洞

Siemens SIMATIC HMI Comfort Panels are touchscreen devices produced by the German company Siemens. There are security vulnerabilities in Siemens SIMATIC HMI Comfort Panels. These vulnerabilities stem from improper restrictions on access to web browsers through the control panel. This allows...

EUVD-2026-28836

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

CVE-2026-43294

In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...

CVE-2026-43294

In the Linux kernel, the following vulnerability has been resolved: drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b "clk: renesas: r9a07g044: Add MSTOP for RZ/G2L" we may get the following kernel panic, for some panels, when rebooting:...

Linux Distros Unpatched Vulnerability : CVE-2026-43294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm: renesas: rz-du: mipidsi: fix kernel panic when rebooting for some panels Since commit 56de5e305d4b clk: renesas: r9a07g044: Add MSTOP for RZ/G2L we may get...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “Revert ‘drm/amd/display: Use HW lock mgr for PSR1’” This revertment is associated with the commit a2b5a9956269 “drm/amd/display: Use HW lock mgr for PSR1”. It may cause system hangs when connecting with the two EDP panels...

PT-2026-36818

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.0 Kirby versions prior to 5.4.0 Description Missing authorization allows authenticated users to perform actions they are not intended to have access to, potentially leading to unauthorized access to sensitive...

SQLi

SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...

CVE-2025-70365

A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

Minor update (4) for Vivaldi Desktop Browser 7.9

Download Vivaldi The following improvements were made since the third 7.9 minor update: AutoHide Panels appear too early VB-126507 AutoHide Search field does not work well with AutoHide VB-126468 MailCalendar Success SVG broken VB-126630 Chromium Update to 146.0.7680.182: includes a security fix...

Statamic 安全漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.14 and earlier, as well as 6.7.0, contained security vulnerabilities. These vulnerabilities...

GHSA-FVCW-9W9R-PXC7 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the panel_content POST parameter. The issue arises from insufficient sanitization of user input before rendering in the browser, enabling an attacker to inject arbitrary JavaScript that executes in the context of the af...

CVE-2020-37152 PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...