7450 matches found
CVE-2026-33179 libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuseuringinitqueue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numaalloclocal fails during iouring queue entry...
CVE-2026-33025
AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $POST'sort' array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although realescapestring was applied, it only escapes...
PT-2026-26706
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, t...
Discourse 信息泄露漏洞
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that originates when the ipaddress of a tagged user is exposed to any user...
CVE-2026-27740
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...
CVE-2026-27740 Discourse has Stored XSS in AI Triage Automation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...
CVE-2026-27740 Discourse has Stored XSS in AI Triage Automation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...
EUVD-2026-13194
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...
CVE-2026-27740
Discourse (open-source discussion platform) is affected by CVE-2026-27740. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 are vulnerable to stored XSS caused by trusting raw output from an AI Large Language Model and rendering it with htmlSafe in the Review Queue without adequate san...
CVE-2026-27740 Discourse has Stored XSS in AI Triage Automation
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw output from an AI Large Language Model LLM and renders it using htmlSafe in the Review Queue interfa...
Origin Validation Error
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Origin Validation Error via the @localcheck decorator. An attacker can gain unauthorized access to restricted API endpoints by spoofing the Host header in...
SUSE CVE-2026-23258
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...
SUSE CVE-2026-23262
In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size o...
Discourse 跨站脚本漏洞
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contained a cross-site scripting vulnerability. This...
PT-2026-26361
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse, an open-source discussion platform, is affected by a cross-site scripting issue. The system improper...
EUVD-2026-12890
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...
EUVD-2026-12898
In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size o...
CVE-2026-23262
In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size o...
CVE-2026-23258
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...
CVE-2026-23262
In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in memory for stats reporting. The NIC calculates its offset into this region based on the total size of the stats region and the size o...