CVE-2026-29084
CVE-2026-29084 affects Gokapi (self-hosted file sharing server). Before version 2.2.3 its login flow lacks CSRF protection tied to the browser session context; the handler parses form values and creates a session after credential validation, enabling potential unauthorized session creation. The i...
EUVD-2025-201901
An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...
CVE-2025-41746 Reflected XSS vulnerability in pxc_portSecCfg.php
An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-lev...
EUVD-2025-9415
Malicious code in bioql PyPI...
CVE-2024-8008
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
CVE-2024-7103
WSO2 Identity Server 7.0.0 is affected by a reflected XSS in the sub-organization login flow caused by improper input validation. An attacker could inject arbitrary JavaScript into the login flow, potentially modifying the UI, redirecting users, or exfiltrating data from the browser. The vulnerab...
CVE-2025-37926 ksmbd: fix use-after-free in ksmbd_session_rpc_open
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_session_rpc_open A UAF issue can occur due to a race condition between ksmbd_session_rpc_open and session_rpc_close. Add rpc_lock to the session to protect it...
PT-2025-22187
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue can occur due to a race condition between the ksmbd session rpc open and session rpc close functions. This is resolved by adding rpc lock to the session to protect...
SUSE CVE-2025-21906
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished here, but that won't do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set...
DEBIAN-CVE-2025-21906
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished here, but that won't do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set...
CVE-2025-21906
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished here, but that won't do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set...
CVE-2025-21906
Summary: CVE-2025-21906 in the Linux kernel relates to the wifi: iwlwifi: mvm ROC handling. The issue occurs when the firmware fails to start session protection; IWL_MVM_STATUS_ROC_P2P_RUNNING may never be set, causing a WARN_ON() on a remaining on-channel link. The fix adds setting IWL_MVM_STATU...
CVE-2025-21906 wifi: iwlwifi: mvm: clean up ROC on failure
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished here, but that won't do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set...
CVE-2025-21906 wifi: iwlwifi: mvm: clean up ROC on failure
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished here, but that won't do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set...
kernel: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF The Linux kernel CVE team has assigned CVE-2024-35913 to this issue. Upstream advisory:...
silverstripe/framework's User-Agent header not correctly invalidating user session
A security protection device in Session designed to protect against session hijacking was not functioning correctly. This function was intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user session...
SUSE CVE-2024-35913
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF When we want to know whether we should look for the mac_id or the link_id in struct iwl_mvm_session_prot_notif, we should look at the version of SESSION_PROTECTION_NOTIF. Thi...
DEBIAN-CVE-2024-35913
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF When we want to know whether we should look for the mac_id or the link_id in struct iwl_mvm_session_prot_notif, we should look at the version of SESSION_PROTECTION_NOTIF. Thi...
UBUNTU-CVE-2024-35913
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF When we want to know whether we should look for the mac_id or the link_id in struct iwl_mvm_session_prot_notif, we should look at the version of SESSION_PROTECTION_NOTIF. Thi...
CVE-2024-35913 wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF When we want to know whether we should look for the mac_id or the link_id in struct iwl_mvm_session_prot_notif, we should look at the version of SESSION_PROTECTION_NOTIF. Thi...