4518 matches found
CVE-2026-4170
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmcsync.php of the component HTTP Request Handler. Executing a manipulation of the argument templatepath can lead to os command injection. The...
CVE-2026-3958 Woahai321 ListSync JSON api_server.py requests.post server-side request forgery
A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The...
CVE-2026-3089
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...
list-sync 代码问题漏洞
List-Sync is a tool developed by WoahAI personal developers, used for automatically syncing media servers with viewing lists. Versions of List-Sync 0.6.6 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations in the requests.post function of the component’s JS...
EUVD-2026-10575
In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...
EUVD-2026-10573
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
EUVD-2026-10574
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
CVE-2026-23239
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
CVE-2026-30870
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...
CVE-2026-23240 tls: Fix race condition in tls_sw_cancel_work_tx()
In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tlsswcancelworktx This issue was discovered during a code audit. After canceldelayedworksync is called from tlsskprotoclose, txworkhandler can still be scheduled from paths such as the Delayed ACK handl...
CVE-2026-23239 espintcp: Fix race condition in espintcp_close()
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
CVE-2026-23239
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
CVE-2026-23239
CVE-2026-23239 concerns the Linux kernel espintcp subsystem. A race condition was introduced where, after cancel_work_sync() is called from espintcp_close(), espintcp_tx_work() could still be scheduled from paths like the Delayed ACK handler or ksoftirqd. This could allow the worker to dereferenc...
CVE-2026-23239 espintcp: Fix race condition in espintcp_close()
In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcpclose This issue was discovered during a code audit. After cancelworksync is called from espintcpclose, espintcptxwork can still be scheduled from paths such as the Delayed ACK handler or...
EUVD-2026-10340
Actual Sync Server has an Authenticated Path Traversal...
EUVD-2026-10341
Actual Sync Server has an Authenticated Path Traversal...
GHSA-27VG-33GH-4HWG Actual Sync Server has an Authenticated Path Traversal
Description Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outsid...
Google Pixel 安全漏洞
The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability. This vulnerability stems from the lack of boundary checks in the DeviceId function within DeviceId.java, which results in persistent data synchronization issues. This may lead to an increase in...
Actual Sync Server has an Authenticated Path Traversal
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside userFiles...
EUVD-2026-10416
PowerSync Service is the server-side component of the PowerSync sync engine. In version 1.20.0, when using new sync streams with config.edition: 3, certain subquery filters were ignored when determining which data to sync to users. Depending on the sync stream configuration, this could result in...