1271 matches found
Stash < 0.26.0 - SQL Injection
Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. id: CVE-2024-32231 info: name: Stash Stash" tags: cve,cve2024,stash,sqli,vuln http: - raw: - | POST /graphql HTTP/1.1 Host: Hostname Content-type: application/json...
CVE-2026-15458
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sortfield' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
EUVD-2026-44867
The SEO Booster plugin for WordPress is vulnerable to generic SQL Injection via the 'sortfield' parameter in all versions up to, and including, 7.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
EUVD-2026-44603
A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...
CVE-2025-30008
HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...
EUVD-2025-210453
HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...
CVE-2025-30008 HestiaCP < 1.9.5 Stored XSS via DNS Record Management Interface
HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authenticated low-privilege users to inject arbitrary HTML by creating a DNS record with a double-quote followed by a script payload in the value field. The application fails to apply htmlspecialchars encoding ...
coreutils security update
An update is available for coreutils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The coreutils packages contain the GNU Core Utilities and represent a...
RLSA-2026:33124 Moderate: coreutils security update
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...
Linux Distros Unpatched Vulnerability : CVE-2026-53335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/lrusort: handle ctx allocation failure DAMONLRUSORT allocates the damonctx object for its kdamond in its init function. damonlrusortenabledstore wrongl...
CVE-2026-53335
A flaw was found in the Linux kernel. The DAMONLRUSORT component, responsible for memory management, does not properly handle allocation failures of the damonctx object. This can lead to a NULL pointer dereference when damoncommitctx is called with a NULL ctx pointer, potentially causing a system...
CVE-2026-51946
SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sorttype URL parameter on all /admin/info/table endpoints...
CVE-2026-53335
In the Linux kernel, the following vulnerability has been resolved: mm/damon/lrusort: handle ctx allocation failure DAMONLRUSORT allocates the damonctx object for its kdamond in its init function. damonlrusortenabledstore wrongly assumes the allocation will always succeed once tried. If the...
CVE-2026-53334
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...
UBUNTU-CVE-2026-53335
In the Linux kernel, the following vulnerability has been resolved: mm/damon/lrusort: handle ctx allocation failure DAMONLRUSORT allocates the damonctx object for its kdamond in its init function. damonlrusortenabledstore wrongly assumes the allocation will always succeed once tried. If the...
UBUNTU-CVE-2026-53334
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...
CVE-2026-53335
The CVE-2026-53335 issue affects the Linux kernel component mm/damon/lru_sort. It arises when damon_lru_sort_enabled_store() allocates a damon_ctx object and does not handle a failed allocation; if ctx is NULL, code can reach damon_commit_ctx() and dereference the NULL pointer. The documented fix...
CVE-2026-53335
In the Linux kernel, the following vulnerability has been resolved: mm/damon/lrusort: handle ctx allocation failure DAMONLRUSORT allocates the damonctx object for its kdamond in its init function. damonlrusortenabledstore wrongly assumes the allocation will always succeed once tried. If the...
CVE-2026-53334
The CVE-2026-53334 entry concerns the Linux kernel’s DAMON subsystem (mm/damon/reclaim). Concrete details show that if damon_ctx allocations fail, code paths may dereference a NULL ctx pointer in the reclaim path, leading to a NULL dereference. The fix patches the init flow so that damon_reclaim_...
EUVD-2026-40968
In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...