12600 matches found
PageIndex 安全漏洞
PageIndex is an open-source inference-based retrieval-enhanced generation tool developed by Vectify AI. There are security vulnerabilities in PageIndex f50e52975313c6716c02b20a119577a1929decba and previous versions of it. These vulnerabilities stem from the toctransformer function in the PDF Tabl...
EUVD-2021-34790
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
CVE-2021-47928
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2026:1743-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1743-1 advisory. - Update to Xen 4.20.3 bug fix release bsc1027519 jscPED-8907. - CVE-2025-54505: Floating Point Divider State...
SUSE CVE-2026-43141
In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddownpowoftwo will cause undefined behaviour and should not be performed. This...
SUSE CVE-2026-43277
In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghesnew prevents allocating too large records, by checking if they're bigger than GHESESTATUSMAXSIZE currently, 64KB. Yet, the allocation is done with the...
SUSE CVE-2026-43441
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
CVE-2026-42793
Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...
CVE-2026-42793
CVE-2026-42793 affects absinthe-graphql/Absinthe. The vulnerability allows unauthenticated denial of service by exhausting the BEAM atom table via attacker-controlled GraphQL SDL names parsed in Absinthe’s SDL language modules (String.to_atom/1). Each unique name permanently consumes an atom-tabl...
EEF-CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe
Summary Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language...
CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe
Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...
CVE-2026-42793 Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe
Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...
CVE-2026-42793
Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL language modules ca...
EUVD-2026-28756
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkcthelper: fix OOB read in nfnlcthelperdumptable nfnlcthelperdumptable has a 'goto restart' that jumps to a label inside the for loop body. When the "last" helper saved in cb-args1 is deleted between dump round...
EUVD-2026-28747
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
EUVD-2026-28602
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix sync handling in amdgpudmabufmovenotify Invalidating a dmabuf will impact other users of the shared BO. In the scenario where process A moves the BO, it needs to inform process B about the move and process B will...
CVE-2026-43450
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkcthelper: fix OOB read in nfnlcthelperdumptable nfnlcthelperdumptable has a 'goto restart' that jumps to a label inside the for loop body. When the "last" helper saved in cb-args1 is deleted between dump round...
CVE-2026-43441
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
CVE-2026-43450
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkcthelper: fix OOB read in nfnlcthelperdumptable nfnlcthelperdumptable has a 'goto restart' that jumps to a label inside the for loop body. When the "last" helper saved in cb-args1 is deleted between dump round...
CVE-2026-43450 netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkcthelper: fix OOB read in nfnlcthelperdumptable nfnlcthelperdumptable has a 'goto restart' that jumps to a label inside the for loop body. When the "last" helper saved in cb-args1 is deleted between dump round...