533 matches found
Astra Linux – Vulnerability in zlib
Zlib before version 1.3.2 allowed CPU consumption through crc32combine64 and crc32combinegen64, because x2nmodp could perform right shifts within a loop without a termination condition...
EUVD-2026-37653
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
CVE-2026-22330
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
CVE-2026-22330
CVE-2026-22330 describes an Unauthenticated Local File Inclusion vulnerability in the WordPress theme Right Way (version ≤ 4.0). The Patchstack entry and CVE listing confirm the flaw exists in this theme and is currently described as unpatched within the dataset. The CVSS/metrics indicate a high-...
CVE-2026-22330 WordPress Right Way theme <= 4.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
CVE-2026-6246
The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'containerrightwidth' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
EUVD-2026-31693
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...
Mozilla Firefox for iOS 安全漏洞
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox for iOS prior to version 151.1, which stems from the incorrect display of specially crafted right-to-left domain names and internationalized...
Security Vulnerabilities fixed in Firefox for iOS 151.1 — Mozilla
Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: disabling the sending of iouring via sockets File reference cycles have caused many problems for iouring in the past. It still doesn’t work correctly, and it causes races with unixstreamreadgeneric. The safest...
Astra Linux – Vulnerability in Vim
A heap-based buffer overflow exists in Vim/vim 9.0.0946 and earlier, as it allows an attacker to use CTRL-W gf in the expression used in the right-hand side of the substitute command...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed a shift-out-of-bounds/overflow issue in nilfssb2badoffset. The patch series “nilfs2: Fix UBSAN shift-out-of-bounds warnings during mount time” addresses this issue. The first patch fixes a bug reported by syzbot,...
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle
Summary The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry OpenMcdf/DirectoryTree.cs:35-46 walks directory entries by repeatedly calling directories.TryGetSiblingchild, siblingType, validateColor. A crafted CFB file with cyclic Left/Right sibling links among directory entries -...
SUSE CVE-2026-42050
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...
CVE-2026-42050
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. This vulnerabilit...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 7.1.2-21 and 6.9.13-46 contained security vulnerabilities. These vulnerabilities were due ...