360 matches found
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Thermal: Intel: quarkdts: fixed error pointer dereferencing. If allocsocdts fails, we can simply return. Trying to free “socdts” will result in a fatal error...
CVE-2026-45228
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...
CVE-2026-45229
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...
EUVD-2026-30173
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...
EUVD-2026-30174
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...
CVE-2026-45228
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...
CVE-2026-45229
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...
CVE-2026-45228 Quark Drive (quark-auto-save) < 0.8.5 Stored XSS via System Configuration
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...
CVE-2026-45228
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...
CVE-2026-45228
Quark Drive
CVE-2026-45228 Quark Drive (quark-auto-save) < 0.8.5 Stored XSS via System Configuration
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders pushconfig key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the...
CVE-2026-45229
The CVE concerns Quark Drive prior to 0.8.5, where a mass assignment flaw in the POST /update endpoint lets an authenticated attacker overwrite administrator credentials by posting an arbitrary webui object to the config_data dictionary. Poor deny-list filtering enables permanent replacement of s...
CVE-2026-45229 Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...
CVE-2026-45229
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...
CVE-2026-45229 Quark Drive (quark-auto-save) < 0.8.5 Mass Assignment via POST /update
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...
quark-auto-save 安全漏洞
Quark-auto-save is a personal development tool created by Cp0204, designed for automatic transfer of data to Quark Cloud Storage and management of sign-ins. Versions of quark-auto-save prior to 0.8.5 contained security vulnerabilities. These vulnerabilities stemmed from a batch assignment...
PT-2026-40801
Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A mass assignment issue exists in the "POST /update" endpoint. Authenticated attackers can overwrite administrator credentials by submitting an arbitrary webui object to the config data dictionar...
PT-2026-40800
Name of the Vulnerable Software and Affected Versions Quark Drive versions prior to 0.8.5 Description A stored cross-site scripting issue exists in the System Configuration page. The template renders push config key names using the Vue.js v-html directive without proper escaping. Authenticated...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013355)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013355 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quarkdts: fix error pointer dereference If allocsocdts fails, then we can just...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011134)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011134 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intel: quarkdts: fix error pointer dereference If allocsocdts fails, then we can just...