KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

CVE-2026-56104

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

CVE-2026-56104

CVE-2026-56104 affects Chainlit prior to 2.10.1. A session-hijacking flaw lets unauthenticated attackers restore and inherit an authenticated user session by presenting a valid sessionId during WebSocket session restoration, without ownership verification. The attacker can exploit the restore_exi...

EUVD-2026-38285

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

CVE-2026-56104 Chainlit < 2.10.1 Session Hijacking via WebSocket Session Restoration

Chainlit before 2.10.1 contains a session hijacking vulnerability that allows unauthenticated attackers to restore and inherit authenticated user sessions by presenting a valid sessionId during WebSocket session restoration without ownership verification. Attackers can exploit the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: powerpc64/ftrace: fixed the issue where r15 was clobbered during livepatching. While r15 is always clobbered when PPCFTRACEOUTOFLINE occurs, it is not restored during the livepatch sequence, resulting in less obvious failures,...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Bonding: Restore the IFFSLAVE flag of the bond if a non-Ethernet device is used as a slave during a bonding process fails. A warning was reported by syzbot1. In this case, the bonding device itself is a slave, and we attempt to u...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: lan966x: Fixed issues related to use-after-free and leaks in lan966xfdmareload. When lan966xfdmareload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages have already been...

PT-2026-51058

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description The CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image...

CVE-2026-47349

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2026-47349

CVE-2026-47349 affects TYPO3 CMS where backend users with access to the Recycler module could restore soft-deleted records on pages or tables they are not authorized to modify. Affected versions: 10.4.57 and earlier in 10.x; 11.0.0–11.5.51; 12.0.0–12.4.46; 13.0.0–13.4.31; 14.0.0–14.3.3. Root caus...

CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2026-40325

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.restore function does not properly validate anti-CSRF tokens for content restoration requests. An attacker can trick a logged-in administrator to submit a forged request that restores deleted...

Stored Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of forged mce:protected comments, which allows an attacker to bypass content sanitization and inject malicious scripts that execute when the protected content is restored...

CVE-2026-44885 Portainer: Path traversal in backup archive extraction allows arbitrary file write

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.9.6 contained a security vulnerability. This vulnerability stemmed from functions defined in the sandbox that exposed Function.caller, potentially allowing sandbox-constructed code to restore internal...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ipmi:si driver failing to restore its state when message allocation fails...

PT-2026-44325

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description The hid-appletb-kbd driver contains an issue where the autodim code attempts to acquire backlight device-ops lock via backlight device set brightness and mutex lock from atomic contexts. Th...

CVE-2026-45987

A flaw was found in the KVM Kernel-based Virtual Machine nSVM component of the Linux kernel. This vulnerability occurs when the interrupt shadow state is not correctly synchronized to the cached Virtual Machine Control Block VMCB after a Level 2 L2 guest virtual machine VM execution. A local...