25 matches found
Astra Linux – Vulnerability in Mariadb 10.3
A issue was discovered in the Field::setdefault component of MariaDB Server v10.6 and earlier versions. This issue allows attackers to cause a Denial of Service DoS attack through specially crafted SQL statements...
PT-2026-40928
Name of the Vulnerable Software and Affected Versions Verba versions prior to 10.0.6 Description A Stored Cross-Site Scripting XSS issue exists in the login logging mechanism. An unauthenticated remote attacker can inject a malicious payload into the username field during a failed login attempt...
UBUNTU-CVE-2026-37459
An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37458
CVE-2026-37458 involves FRRouting (FRR) with a missing input validation in the MP_REACH_NLRI component, affecting FRR stable/10.0 to stable/10.6. An authenticated attacker can cause a Denial of Service by sending a crafted UPDATE message. The available connected documents confirm the affected sof...
openSUSE 16 Security Update : ghostscript (openSUSE-SU-2026:20592-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20592-1 advisory. Update to version 10.06.0. Security issues fixed: - CVE-2025-59800: an integer overflow can lead to a heap-based buffer overflow in ocrline8...
MiracleLinux 8 : pki-deps:10.6 (AXSA:2021-2278:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2278:01 advisory. resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class CVE-2020-1695 Tenable has extracted the preceding description block...
MiracleLinux 8 : pki-deps:10.6 (AXSA:2024-8412:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8412:01 advisory. jackson-databind: denial of service via a large depth of nested objects CVE-2020-36518 Tenable has extracted the preceding description block directly from th...
RHSA-2025:14126 Red Hat Security Advisory: pki-deps:10.6 security update
Bulletin has no description...
RHSA-2025:14116 Red Hat Security Advisory: pki-deps:10.6 security update
Bulletin has no description...
BIT-MARIADB-MIN-2022-27457
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...
CVE-2024-5077
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2025-27103
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass for the patch for CVE-2024-55953 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. ...
CVE-2024-9306
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress plugin WP Booking Calendar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
UBUNTU-CVE-2023-22500
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by...
UBUNTU-CVE-2023-22724
GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting XSS payloads inside RSS links. Victims who wish to visit an RSS conten...
SUSE-SU-2022:3159-1 Security update for mariadb
This update for mariadb fixes the following issues: - Updated to 10.6.9: - CVE-2022-32082: Fixed a reachable assertion that would crash the server bsc1201162. - CVE-2022-32089: Fixed a segmentation fault that coudl be triggered via a crafted query bsc1201169. - CVE-2022-32081: Fixed a buffer...
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
...
UBUNTU-CVE-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...
IBM Security Secret Server Information Disclosure Vulnerability (CNVD-2020-74624)
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An information disclosure vulnerability exists in IBM Security Secret Serve...