7568 matches found
CVE-2021-47950
Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the semotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in...
PHP 资源管理错误漏洞
PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a resource management vulnerability. This vulnerability occurred when the SoapServer was configured as SOAPPERSISTENTSESSION. In such cases, the processing...
SUSE CVE-2026-43124
In the Linux kernel, the following vulnerability has been resolved: pstore: ramcore: fix incorrect success return when vmap fails In persistentramvmap, vmap may return NULL on failure. If offset is non-zero, adding offsetinpagestart causes the function to return a non-NULL pointer even though the...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: sftpgo, istio, zot, vertical-pod-autoscaler, metrics-agent, kapp-controller, kpt, boring-registry, rancher-fleet, docker-machine-driver-harvester, influx, vault-benchmark, crossplane-provider-azure-managedidentity, pluto, kube-metrics-adapter, octo-sts, blobfuse2,...
CVE-2026-7944
An insufficient validation of untrusted input flaw was found in the Persistent Cache component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495783187...
CVE-2026-44400
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...
CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module PAM-based post-exploitation toolkit...
SUSE CVE-2026-7944
Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
PT-2026-39194
Name of the Vulnerable Software and Affected Versions MailEnable Enterprise Premium versions prior to 10.56 Description Improper authorization in the WebAdmin mobile portal allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. ...
CVE-2026-41653 BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration
BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...
Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
PT-2026-38458
Name of the Vulnerable Software and Affected Versions Yarbo version 2.3.9 Description A hidden, persistent backdoor provides remote, unauthenticated or weakly authenticated access to privileged functionality. This backdoor is undocumented, cannot be disabled through user-facing settings, and...
CVE-2026-30495
The CVE-2026-30495 entry concerns the Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0). Technical details in the connected documents show an exploitable condition where ADB is exposed over TCP port 5555 without authentication (ro.adb.secure=0) and a functional /system/xb...
EUVD-2026-27991
Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
MAL-2026-3356 Malicious code in test-py-conn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed The code automatically starts a worker designed to survive the exit of the main process. The worker load code from a PYC file which then connects to pre-define...
Malicious code in test-py-conn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7e39e3b24f15db8e5eff412ba6cb217986b6f80b6923712abd1efee4cf79a7ed The code automatically starts a worker designed to survive the exit of the main process. The worker load code from a PYC file which then connects to pre-define...
CVE-2026-7944
Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7944
Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7944
Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...