CLSA-2026-1776345550 systemd: Fix of CVE-2026-4105

CVE-2026-4105: machined: reject invalid class types when registering machines...

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. "Android will require all apps to be registered by verified developers in order to be installed by users on certified...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when cowfilerange failed CVE-2024-57976 In the Linux kernel, the following vulnerability has been resolved: kernel: be more careful about dupmmap failures and uprobe registering...

um: Add winch to winch_handlers before registering winch IRQ

...

CVE-2024-38664

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmpdpsub: Always register bridge We must always register the DRM bridge, since zynqmpdphpdworkfunc calls drmbridgehpdnotify, which in turn expects hpdmutex to be initialized. We do this before zynqmpdpsubdrminit since tha...

CVE-2024-36479 fpga: bridge: add owner module and take its refcount

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...

CVE-2024-39292 um: Add winch to winch_handlers before registering winch IRQ

In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winchhandlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the winch is added to the winchhandlers list. If that happens, registerwinchirq adds to that list a winch...

SUSE CVE-2024-36900

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during initialization The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlin...

grafana: using email as a username can block other users from signing in

A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email...

CVE-2020-20522

Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter...

KiteCMS 跨站脚本漏洞

KiteCMS is a website CMS. A security vulnerability exists in KiteCMS v.1.1. An attacker can exploit this vulnerability to execute arbitrary code via the registering user parameter...

PT-2023-11555 · Kitecms · Kitecms

Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the registering user parameter. This enables the attacker to perform unauthorized actions on the system. Recommendations: For...

SUSE CVE-2014-9773

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the 1 LIST, 2 CLEAR, or 3 MODIFY keyword nicks...

Exploit for Incorrect Authorization in Polkit_Project Polkit

PolicyKit CVE-2021-3560 Exploit Authentication Agent ====...

CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

Dropcontact: Registering with email [ +70 Chars ] Lead to Disclose some informations [Django Debug Mode ]

We were displaying / leaking sytems information in case of app crash...

Binary vulnerability in the Information Technology Exam Practice System for Shincao Middle Schools (Middle Schools in Shandong Province)

Xinkao Middle School Information Technology Exam Practice System is an information technology exam practice system developed by Jinan Kaoyuan Information Technology Co. A binary vulnerability exists in Xinkao Middle School Information Technology Exam Practice System Middle School in Shandong...

CVE-2008-6631

Multiple cross-site scripting XSS vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 user parameter in a sendmessage action and the 2 username parameter when registering a new user, different vectors than CVE-2008-0679...

cameralife-upload.txt

CameraLife-2.6.2b4 Arbitrary File Upload Vulnerability + Author:Mi4night + Version:cameralife-2.6.2b4 + Download Script: + http://sourceforge.net/project/showfiles.php?groupid=70910&packageid=70316&releaseid=628868 + Exploit: +...

Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit

Exploit for unknown platform in category web applications ============================================================== Wordpress 2.6.1 SQL Column Truncation Admin Takeover Exploit ============================================================== !/usr/bin/php =5.2.1 you'll need to be as well, in...