Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the capsetfile function. An attacker can gain elevated privileges by exploiting a race condition during file capability updates, redirecting capabilities to an attacker-controlled file...

CVE-2026-5605

A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the...

CVE-2026-5605

PTSecurity PT-2026-30460 documents CVE-2026-5605 as a disclosed vulnerability affecting the Tenda CH22. The entry notes an increase in severity but provides no concrete technical details (no root cause, affected functions, versions, exploit vectors, or remediation steps) in the supplied documents...

EUVD-2026-19081

A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The...

FreeBSD : MongoDB Server -- CWE-617: Reachable Assertion (a117f43b-2f7b-11f1-89f4-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a117f43b-2f7b-11f1-89f4-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-101758 reports: A user with access to the cluster with a limited...

FEDML 路径遍历漏洞

FEDML is a unified and scalable machine learning training and deployment library open sourced by TensorOpera. Versions of FEDML 0.8.9 and earlier contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter dataSet, which could lead to path travers...

SUSE CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

SUSE CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

CVE-2026-5339

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

CVE-2026-23436

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

UBUNTU-CVE-2026-23434

In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: serialize lock/unlock against other NAND operations nandlock and nandunlock call into chip-ops.lockarea/unlockarea without holding the NAND device lock. On controllers that implement SETFEATURES via multiple low-lev...

GHSA-W799-7525-RPR6 Casdoor vulnerable to Stored XSS via Application formCss / formSideHtml

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

JLSEC-2026-41

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

JLSEC-2026-49

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVE-2026-33691

A flaw was found in the OWASP core rule set CRS, a set of generic attack detection rules for web application firewalls. A remote attacker could exploit this vulnerability by inserting whitespace padding into filenames during file uploads. This bypasses the file extension checks, allowing the uplo...

GHSA-FQWM-6JPJ-5WXC Tornado has cookie attribute injection via .RequestHandler.set_cookie

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

CVE-2026-35536

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

CVE-2026-35536

Tornado

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...