44 matches found
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the issue where a tainted pointer was deleted instead of the previously created rules when the flow rule creation failed. In the case of a flow rule creation failure in mlx5_lag_create_port_sel_table, the tainted point...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly linking new fs rules into the tree. Previously, add_rule_fg would only add newly created rules from the handle into the tree when their refcount was 1. On the other hand, create_flow_handle attempts to find and...
Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function
Summary: A stored Cross-site Scripting (XSS) vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...
CVE-2026-23608 GFI MailEssentials AI < 22.4 Email Management Mail Monitoring Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Mail Monitoring rule creation endpoint. An authenticated user can supply HTML/JavaScript in the JSON "name" field to /MailEssentials/pages/MailSecurity/MailMonitoring.aspx/Save, which is stored...
CVE-2026-23606 GFI MailEssentials AI < 22.4 Advanced Content Filtering Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...
CVE-2026-23605
GFI MailEssentials AI (before 22.4) contains a stored XSS in the Attachment Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of /MailEssentials/pages/MailSecurity/attachmentchecking.aspx. The input is ...
CVE-2026-23605 GFI MailEssentials AI < 22.4 Attachment Filtering Rule Stored XSS
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter to...
CVE-2026-23604
GFI MailEssentials AI versions prior to 22.4 are affected by a stored cross-site scripting (XSS) vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of the /MailEssentials/pag...
GFI MailEssentials AI security vulnerability
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage-based cross-site scripting issue in th...
GFI MailEssentials AI security vulnerability
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage-type cross-site scripting issue in the...
PT-2026-20886
Name of the Vulnerable Software and Affected Versions: GFI MailEssentials AI versions prior to 22.4. Description: The software contains a stored cross-site scripting issue in the Advanced Content Filtering rule creation workflow. A logged-in user can inject HTML or JavaScript code via the txtRuleNam...
PT-2026-20885
Name of the Vulnerable Software and Affected Versions: GFI MailEssentials AI versions prior to 22.4. Description: GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting issue in the Attachment Filtering rule creation workflow. An authenticated user can provide HTML or...
GFI MailEssentials AI security vulnerability
GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from the process of creating advanced content filteri...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005022)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005022 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule. Validate port value provided by the user and with that...
PT-2025-52726
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 25.12.0. Description: LibreNMS, an auto-discovering PHP/MySQL/SNMP based network monitoring tool, contains a stored cross-site scripting issue in the Alert Rule API. The alert rule name is not properly sanitized,...
CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...
CVE-2025-11976 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Cross-Site Request Forgery to Sync Rule Creation
The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...
EUVD-2022-36960
Malicious code in bioql PyPI...
CVE-2023-53303 net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule(). Inject fault: when CONFIG_VCAP_KUNIT_TEST is selected, the below memory leak occurs. If kzalloc for duprule succeeds, but the following kmemdup fails, the duprule, ckf and...