142 matches found
BIT-JOOMLA-2026-48901 Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...
CVE-2026-48901
The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...
EUVD-2026-31871
The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...
CVE-2026-48901 Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects
The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...
PT-2026-43319
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The getInstance function within the InputFilter class fails to include a security-sensitive parameter when generating the instance cache key. Recommendations: At...
Warehouse Inventory Management System authorization issue vulnerability
Warehouse Inventory Management System is a warehouse inventory management system developed by go2ismail. The Warehouse Inventory Management System versions 9.20250118 and earlier have an authorization issue vulnerability. This vulnerability arises from improper authorization due to operations on...
CVE-2025-70646
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
PT-2026-3783
Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1. Description: The Tenda AX1803 version 1.0.0.1 contains a stack overflow in the security parameter of the sub_72290 function. A crafted request can trigger a Denial of Service (DoS). Recommendations: At the moment, ther...
CVE-2025-70646
CVE-2025-70646 affects Tenda AX1803 v1.0.0.1, with a stack overflow in the security parameter of the sub_72290 function. This leads to a Denial of Service (DoS) via a crafted request. Documented across NVD/Red Hat/NVD mirrors, the CVSSv3.1 base score is 7.5 (HIGH) with NETWORK access, low attack ...
Tenda AX1803 security vulnerabilities
The Tenda AX1803 is a dual-band Gigabit WIFI6 router produced by the Chinese company Tenda. The Tenda AX1803 v1.0.0.1 version contains a security vulnerability. This vulnerability stems from a stack overflow in the security parameter of the sub_72290 function, which may lead to a denial-of-service...
CVE-2025-71020
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...
CVE-2025-71020
CVE-2025-71020 affects Tenda AX-1806 router, specifically v1.0.0.1, with a stack overflow in the security parameter of the sub_4C408 function that enables Denial of Service via a crafted request. The PT-2026-3257 entry confirms the affected software and provides a remediation path: update to a ne...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI. x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this value. __xfrm_state_delete...
CVE-2025-66313 ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter
ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper...