2012 matches found
FortiWeb - Cross Site Scripting
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...
CVE-2026-10628
The CVE concerns the WordPress plugin Points and Rewards for WooCommerce (affected: all versions up to 2.10.0). It describes an authorization bypass in which authenticated users with subscriber-level access and above can perform arbitrary modifications via multiple AJAX actions. Core implications...
EUVD-2026-43123
The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-57156
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...
CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...
CVE-2026-57156
FreeRDP (32-bit builds) before version 3.28.0 is affected by an integer overflow in update_read_delta_points (libfreerdp/core/orders.c) when multiplying attacker-controlled point count by sizeof(DELTA_POINT). This can cause the allocation of an undersized heap buffer, allowing a malicious RDP pee...
CVE-2026-57156 FreeRDP: Integer overflow leading to heap buffer overflow in Orders Delta Points parsing
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...
PYSEC-2026-1448 libsodium has Incomplete List of Disallowed Inputs
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory...
python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...
CVE-2026-53317
A flaw was found in the Linux kernel's Wi-Fi drivers mt76 and mt7921. A remote attacker could exploit this by configuring a Wi-Fi station with an Association ID AID exceeding the expected limit. This malformed AID can cause a firmware crash, leading to a Denial of Service DoS on the affected...
samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Venus: pmhelpers: Fixed a warning in the OPP phase during the probe. Fixed the following WARN messages that were triggered during the Venus driver probe in version 5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at...
[SECURITY] Fedora 43 Update: ongres-stringprep-2.4-1.fc43
The stringprep protocol does not stand on its own; it has to be used by other protocols at precisely-defined places in those other protocols...
CVE-2026-6045
LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...
CVE-2026-6039
LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...
OESA-2026-2631 python-pip security update
%changelog Sat Jul 13 2024 yangyuan [email protected] - 23.3.1-2 - Fix CVE-2023-45803 and CVE-2024-37891 Security Fixes: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel...
RLSA-2026:22963 Critical: samba security update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...
Linux Distros Unpatched Vulnerability : CVE-2026-49762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a deni...