4068 matches found
CVE-2026-31780
In CVE-2026-31780, the Linux kernel wi l c1000 Wi‑Fi driver is affected by a heap buffer overflow in the SSID scan path. The code accumulates total SSID lengths into a variable declared as u8, allowing up to 330 bytes for 10 SSIDs, but the u8 wrap causes a 75-byte kmalloc allocation followed by a...
CPU exhaustion during message encoding due to O(n²) name compression
During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a heap buffer overflow due to a u8 overflow in the wilc1000 wireless driver, which could lead to memory...
homelab-security
Cybersecurity Home Lab A personal home lab built for hands-on...
CVE-2026-36758
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36758
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
PT-2026-36117
A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36758
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36759
A Server-Side Request Forgery SSRF in the /themes/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36757
CVE-2026-36757 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14. The vulnerability is triggered via the /plugins/{name}/upgrade-from-uri endpoint and can allow authenticated attackers to scan internal resources through a crafted GET request. Public sources in NVD/NVD-derived feeds ...
CVE-2026-36756
A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36757
A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36758
CVE-2026-36758 describes a Server-Side Request Forgery (SSRF) in halo v2.22.14 affecting the /themes/-/install-from-uri endpoint. Authenticated attackers can trigger the vulnerability with a crafted GET request to scan internal resources. The issue is documented across multiple sources (NVD, CVE ...
PT-2026-36132
A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36758
A Server-Side Request Forgery SSRF in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36756
A Server-Side Request Forgery SSRF in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
CVE-2026-36757
A Server-Side Request Forgery SSRF in the /plugins/name/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request...
Docker_Desktop_POC
Java vulnerable scan POC Minimal Maven project used to comp...
CVE-2026-41377
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...
CVE-2026-41377
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings...