370 matches found
CVE-2026-36460
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
PT-2026-45989
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
EUVD-2026-34140
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
CVE-2026-36460
ADPhonebook versions before 4.0.1.1 are affected by a stored Cross-Site Scripting (XSS) vulnerability via the /Admin/Save API. An authenticated administrator can place malicious JavaScript payloads into multiple configuration sections due to insufficient input validation or lack of proper output ...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: objtool: A memory leak has been fixed in the createStaticcallsections function. strdup allocates memory for keyname. We need to release this allocated memory in the following error-prone code paths. Add free to avoid the memory...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: rvcm: mm: Fixed the out-of-bound issue with vmemmap addresses In the sparse vmemmap model, the virtual address of vmemmap is calculated as: struct page VMEMMAPSTART - physrambase PAGESHIFT. The virtual address of struct page can ...
SUSE CVE-2026-43289
In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...
CVE-2026-43289
In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...
CVE-2026-43289
In the Linux kernel, the following vulnerability has been resolved: kexec: derive purgatory entry from symbol kexecloadpurgatory derives image-start by locating eentry inside an SHFEXECINSTR section. If the purgatory object contains multiple executable sections with overlapping shaddr, the...
PT-2026-38931
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the kexec load purgatory function, the image-start value is derived by locating e entry within an SHF EXECINSTR section. If the purgatory object contains multiple executable sections...
CVE-2026-41650
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...
CLSA-2026-1777479919 bind: Fix of CVE-2025-40778
CVE-2025-40778: reject forged records in answer sections to prevent cache poisoning via crafted responses - build tests improved...
media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
...
CVE-2026-31599
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtvchannelpmtmatchsections syzbot reported a general protection fault in vidtvpsidescassign 1. vidtvpsipmtstreaminit can return NULL on memory allocation failure, but...
DEBIAN-CVE-2026-31599
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtvchannelpmtmatchsections syzbot reported a general protection fault in vidtvpsidescassign 1. vidtvpsipmtstreaminit can return NULL on memory allocation failure, but...
CVE-2026-31599
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtvchannelpmtmatchsections syzbot reported a general protection fault in vidtvpsidescassign 1. vidtvpsipmtstreaminit can return NULL on memory allocation failure, but...
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtvchannelpmtmatchsections syzbot reported a general protection fault in vidtvpsidescassign 1. vidtvpsipmtstreaminit can return NULL on memory allocation failure, but...
EUVD-2026-25492
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtvchannelpmtmatchsections syzbot reported a general protection fault in vidtvpsidescassign 1. vidtvpsipmtstreaminit can return NULL on memory allocation failure, but...
CLSA-2026-1776935009 bind: Fix of CVE-2025-40778
CVE-2025-40778: reject forged records in answer sections to prevent cache poisoning via crafted responses - build tests improved...
CVE-2026-39856
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...