56 matches found
CVE-2026-43292
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node. When CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...
Zabbix cross-site scripting vulnerability
Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has a cross-site scripting vulnerability. This vulnerability arises because non-super administrators who have...
Django: SQL injection via crafted column aliases in QuerySet.order_by()
A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the QuerySet.order_by() method. This occurs when column aliases containing periods are used, and the same alias is also present in FilteredRelation via a specially crafted dictionary. Successful exploitatio...
Django has an SQL Injection issue
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. QuerySet.order_by() is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...
CVE-2025-40344
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM. avs_dai_fe_shutdown() handles the shutdown procedure for HOST HDAudio stream while period-elapsed work services its IRQs. As the former frees the DAI's private context,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not disabling the periods-elapsed job when turning off PCM...
EUVD-2025-201293
Fulcio allocates excessive memory during token parsing...
CVE-2025-66506
CVE-2025-66506 affects Fulcio prior to 1.8.3. The identity.extractIssuerURL function splits the untrusted OIDC identity token on periods, which can incur O(n) memory allocations when receiving tokens with many dots. This could lead to resource consumption under malicious input. The issue is fixed...
CVE-2025-66361
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...
CVE-2025-65952
Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This...
EUVD-2025-199659
Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This...
CVE-2025-65952 Console is vulnerable to path traversal regarding custom assets
Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This...
PT-2025-48096
Name of the Vulnerable Software and Affected Versions: Gorilla Tag versions prior to 2.8.0. Description: A path traversal issue exists in Console, a network used to control Gorilla Tag mods and users. Prior to version 2.8.0, specific combinations of backslashes and periods can be used to bypass the...
EUVD-2023-1530
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-52763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts o...
VulnCheck KEV: CVE-2024-52763
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter...
CVE-2023-29918
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module...
The Future of SSL Certificate Management: Adapting to Shortened Renewal Periods
The industry is evolving yet again. With the CA/Browser Forum's recent decision to reduce the maximum SSL/TLS certificate lifecycle to 47 days by 2029, the way organizations manage their certificates is going to change significantly—and sooner than most realize. This update builds on the trend of...
AZL-59177 CVE-2025-30204 affecting package coredns for versions less than 1.11.4-5
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
AZL-59193 CVE-2025-30204 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-2
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...