1841 matches found
CVE-2026-24189
NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure...
CVE-2026-24189
NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure...
Security Bulletin: NVIDIA CUDA-Q - April 2026
NVIDIA has released a software update for NVIDIA® CUDA-Q. To protect your system, clone or update this software to CUDA-Q v0.14.0 or later from CUDA-Q on GitHub. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update addresses...
NVIDIA CUDA-Q 缓冲区错误漏洞
NVIDIA CUDA-Q is a hybrid quantum-classical computing development platform provided by NVIDIA Corporation. NVIDIA CUDA-Q has a buffer error vulnerability, which stems from out-of-bounds read operations at the endpoint. This vulnerability could allow unauthorized attackers to cause denial of servi...
Privacy-Aware Machine Unlearning with SISA for Reinforcement Learning-Based Ransomware Detection
Ransomware detection systems increasingly rely on behavior-based machine learning to address evolving attack strategies. However, emerging privacy compliance, data governance, and responsible AI deployment demand not only accurate detection but also the ability to efficiently remove the influence...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007368)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007368 advisory. In the Linux kernel, the following vulnerability has been resolved: igb: Do not free qvector unless new one was allocated Avoid potential use-after-free condition...
CVE-2026-31421
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave block-q NULL, causing a NULL deref when an empty clsfw filter is...
MINI-QFP5-7FVP-56Q3
Bulletin has no description...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: golangci-lint, haproxy-ingress, kyverno-policy-reporter-ui, fluxcd-kustomize-mutating-webhook, hugo, cloud-provider-aws, helm-mapkubeapis, terraform-provider-kubernetes, kserve-rest-proxy, newrelic-nri-statsd, telegraf, kubernetes-csi-external-resizer,...
GHSA-CHQC-8P9Q-PQ6Q
creationtimestamp| type| source ---|---|--- 2026-04-09 19:23:14+00:00| seen| Telegram/Y2UpQC9zCL6PqNfAxsSoQJ7YUumR5oW0JI3RILB7SgtOVH4 2026-04-13 12:02:56+00:00| seen| https://gist.github.com/subaruoutbacksteakhouse/755867cb60dca06f145990b4865d6eee...
CVE-2026-34400
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
SQL Injection
Overview alerta-server is an Alerta server WSGI application Affected versions of this package are vulnerable to SQL Injection in the q parameter of the query string API due to direct interpolation of user-supplied input into SQL statements using f-strings. An attacker can execute arbitrary SQL...
GHSA-8PRR-286P-4W7J alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Impact The Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. Patches Fixed in v9.1.0. The Postgres query parser now uses parameterized queries wit...
CVE-2026-34400
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
CVE-2026-3321
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
CVE-2026-3321 Authorization Bypass in ON24 Q&A chat
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
UBUNTU-CVE-2026-23353
In the Linux kernel, the following vulnerability has been resolved: ice: fix crash in ethtool offline loopback test Since the conversion of ice to page pool, the ethtool loopback test crashes: BUG: kernel NULL pointer dereference, address: 000000000000000c PF: supervisor write access in kernel mo...
CVE-2019-25513
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind...
CVE-2019-25513 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection via datagetir.php
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send GET requests to datagetir.php with malicious 'q' values using time-based blind...
Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞
Jettweb PHP Preconfigured News Sites Script is a content management system developed by the Turkish company Jettweb. The Jettweb PHP Preconfigured News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from the q parameter, which allows for SQL injections. It cou...