899 matches found
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a 1-byte padding hole in the proto field of the struct xfrmusersaid structure in the buildmapping...
CVE-2026-42077 Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...
Security Bulletin: Denial of Service in Axios via Malicious __proto__ in Configuration Object
Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a maliciou...
CPU exhaustion during message encoding due to O(n²) name compression
During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...
async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)
hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...
RUSTSEC-2026-0119 CPU exhaustion during message encoding due to O(n²) name compression
During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...
Exploit for Improper Handling of Insufficient Permissions or Privileges in Google Android
CVE-2026-0047: Missing Permission Check in ActivityManagerServ...
CVE-2026-7538
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...
CVE-2026-7538 Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...
CVE-2026-7538
A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...
PT-2026-36291
Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...
Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...
GHSA-XFXP-PPX7-CQRP camel-infinispan Vulnerable to Deserialization of Untrusted Data
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...
CVE-2026-6857
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
CVE-2026-6857
CVE-2026-6857 affects camel-infinispan via unsafe deserialization in the ProtoStream remote aggregation repository. The flaw allows a remote attacker with low privileges to send crafted data to trigger arbitrary code execution, potentially gaining full control over the affected system and impacti...
CVE-2026-6857
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
CVE-2026-6857
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...
PT-2026-34329
Name of the Vulnerable Software and Affected Versions camel-infinispan affected versions not specified Description Unsafe deserialization exists in the ProtoStream remote aggregation repository. A remote attacker with low privileges can send specially crafted data to achieve arbitrary code...
CVE-2026-40594
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...