Cross-site Scripting (XSS)

Overview solspace/craft-freeform is a flexible and user-friendly form building plugin! Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the use of the dangerouslySetInnerHTML function in various client and plugin page components. An attacker can execute arbitrar...

CVE-2025-68139

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

SUSE-SU-2026:0262-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.38 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline...

CVE-2026-1329

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be...

CVE-2026-1329

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be...

CVE-2025-12738

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...

CVE-2026-1329

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be...

CVE-2026-1329 Tenda AX1803 WifiGuestSet fromGetWifiGuestBasic stack-based overflow

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be...

CVE-2026-1329

CVE-2026-1329 affects Tenda AX1803, v1.0.0.1. A stack-based buffer overflow exists in the fromGetWifiGuestBasic function in /goform/WifiGuestSet. Attackers can remotely manipulate arguments such as guestWrlPwd, guestEn, guestSsid, hideSsid, and guestSecurity to trigger the overflow. Exploitation ...

CVE-2026-1327 Totolink NR1800X POST Request cstecgi.cgi setTracerouteCfg command injection

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...

CVE-2025-12738 Enumeration of restricted property value

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate access to the database. The vulnerability allows attacker without read access to a property to infer information about its value by trying t...

CVE-2025-12738

Neo4j Enterprise editions before 2025.11.2 and 5.26.17 are vulnerable to information disclosure. An attacker with some legitimate access can infer the value of a property by enumerating possible values and observing error messages from SET property, without requiring read access. Upstream fixes a...

Azure Linux 3.0 Security Update: kernel (CVE-2024-42067)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42067 advisory. - In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from setmemoryrox into...

VulnCheck KEV: CVE-2025-8829

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function umred of the file /goform/RPsetBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched...

Azure Linux 3.0 Security Update: kernel (CVE-2024-24858)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24858 advisory. - A race condition was found in the Linux kernel's net/bluetooth in conn,advmin,maxintervalset function. This...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37789)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37789 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27397)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27397 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timesta...

Azure Linux 3.0 Security Update: kernel (CVE-2024-27017)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27017 advisory. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walk over curre...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38263)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38263 advisory. - In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cachesetflu...

📄 macOS 10.12.2 XNU Kernel Race Condition

This proof of concept code demonstrates a race condition observed in the setdpcontrolport function within XNU kernel versions prior to macOS 10.12.2 and iOS 10.2...