
3355 matches found

CNNVD
added 2026/01/13 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unvalidated format string parameters from the firmware, which could result in a crash or undefined behavior...

AI score 6.1 | EPSS 0.00173 | Exploits 0 | References 5

Positive Technologies
added 2026/01/13 12:0 a.m., 5 views

PT-2026-2548

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel’s networking subsystem, specifically the mlx5 firmware tracer, contained a flaw where format string parameters were not properly validated. This allowed potentially...

AI score 5.3 | EPSS 0.00173 | Exploits 0

OSV
added 2026/01/12 5:16 a.m., 3 views

CVE-2025-69270

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue affects DX NetOps Spectrum: 24.3.8 and earlier...

CVSS 9.8 | AI score 5.8 | EPSS 0.00281 | Exploits 0 | References 1

NVD
added 2026/01/12 5:16 a.m., 4 views

CVE-2025-69270

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue affects DX NetOps Spectrum: 24.3.8 and earlier...

CVSS 9.8 | EPSS 0.00281 | Exploits 0 | References 1

Cvelist
added 2026/01/12 4:20 a.m., 25 views

CVE-2025-69270 Spectrum session token in URL

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. This issue affects DX NetOps Spectrum: 24.3.8 and earlier...

CVSS 2.3 | EPSS 0.00281 | Exploits 0 | References 1

Positive Technologies
added 2026/01/12 12:0 a.m., 4 views

PT-2026-1945

Name of the Vulnerable Software and Affected Versions: Broadcom DX NetOps Spectrum versions 24.3.8 and earlier. Description: A flaw exists in Broadcom DX NetOps Spectrum on Windows and Linux that could allow session hijacking through information exposure via query strings in GET requests...

CVSS 9.8 | AI score 6.3 | EPSS 0.00281 | Exploits 0 | References 6

NVD
added 2026/01/10 1:16 a.m., 3 views

CVE-2026-22027

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

CVSS 6 | EPSS 0.00209 | Exploits 1 | References 3

RedhatCVE
added 2026/01/09 12:37 p.m., 5 views

CVE-2023-50328

IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110...

CVSS 5.3 | AI score 6.4 | EPSS 0.00532 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:57 a.m., 3 views

CVE-2022-38884

The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

CVSS 9.8 | AI score 6.9 | EPSS 0.01187 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:56 a.m., 5 views

CVE-2022-38885

The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

CVSS 9.8 | AI score 6.9 | EPSS 0.01187 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:56 a.m., 3 views

CVE-2022-38881

The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...

CVSS 9.8 | AI score 9.3 | EPSS 0.01187 | Exploits 1 | References 1

RedhatCVE
added 2026/01/09 10:47 a.m., 6 views

CVE-2022-31753

The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability...

CVSS 7.5 | AI score 6.9 | EPSS 0.00602 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:55 a.m., 13 views

CVE-2020-12784

cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings SEC-505...

CVSS 5.3 | AI score 7.1 | EPSS 0.01251 | Exploits 0 | References 1

RedhatCVE
added 2026/01/09 9:17 a.m., 6 views

CVE-2025-23026

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

CVSS 6.1 | AI score 6.6 | EPSS 0.00285 | Exploits 0 | References 1

EUVD
added 2026/01/08 2:52 p.m., 2 views

EUVD-2026-1160

Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No...

CVSS 5.1 | AI score 6.3 | EPSS 0.00228 | Exploits 1 | References 4

Tenable Nessus
added 2026/01/08 12:0 a.m., 3 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1321)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1321 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

CVSS 7.5 | AI score 7.7 | EPSS 0.00451 | Exploits 2 | References 6

Tenable Nessus
added 2026/01/08 12:0 a.m., 3 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-1335)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1335 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

CVSS 7.5 | AI score 7.7 | EPSS 0.00451 | Exploits 2 | References 6

CVE
added 2026/01/08 12:0 a.m., 11 views

CVE-2025-61549

CVE-2025-61549 affects edu Business Solutions Print Shop Pro WebDesk 18.34. The LoginID parameter on /PSP/app/web/reg/reg_display.asp is vulnerable to reflected XSS due to unsanitized input reflected in HTTP responses without proper HTML encoding. Impact: arbitrary JavaScript execution in a victi...

CVSS 6.1 | AI score 5.9 | EPSS 0.00209 | Exploits 2 | References 1 | Affected Software 1

OSV
added 2026/01/07 7:28 p.m., 4 views

GHSA-RVJX-CFJH-5MC9 loggingredactor converts non-string types to string types in logs

Impact: Non-string types are converted into string types, leading to type errors in %d conversions. Patches: The problem has been patched in version 0.0.6. Workarounds: None without patching. Resources: Issue report: https://github.com/armurox/loggingredactor/issues/7 Release:...

CVSS 5.1 | AI score 6.9 | EPSS 0.00228 | Exploits 1 | References 5

OSSF Malicious Packages
added 2026/01/06 2:33 a.m., 4 views

Malicious code in oj-sp-common-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5466d410ace77d36cbf4ad77f4ff2bec3030d7b19266a78de448ef1517b2679 The package oj-sp-common-strings was found to contain malicious code. Source: ghsa-malware...

AI score 6.9 | Exploits 0 | References 1