49 matches found
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Ensure that snd_nxt is properly initialized upon connection. Christoph reported a crash hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Ensure that snd_una is properly initialized upon connection. This issue is strictly related to the commit fb7a0d334894 "mptcp: Ensure that snd_nxt is properly initialized upon connection". It turns out that syzkaller can...
UNA CMS <= 14.0.0-RC4 - PHP Object Injection
The vulnerability is located in the /template/scripts/BxBaseMenuSetAclLevel.php script. Specifically, within the BxBaseMenuSetAclLevel::getCode method. When calling this method, user input passed through the "profile_id" POST parameter is not properly sanitized before being used in a call to the...
EUVD-2025-201274
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...
CVE-2025-66571
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...
CVE-2025-66571 UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...
CVE-2025-66571
UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 are affected by a PHP object injection in BxBaseMenuSetAclLevel.php. The profile_id POST parameter is passed to PHP unserialize() without proper handling, enabling remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write...
UNA code issue vulnerability
UNA is a suite of full-stack software platforms for building custom community websites, social networks, and collaboration centers from UNA. A code issue vulnerability exists in UNA versions 9.0.0-RC1 through 14.0.0-RC4, which stems from improper handling of the deserialization of the profile_id...
PT-2025-49139
Name of the Vulnerable Software and Affected Versions UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 Description The software contains a PHP object injection issue in the BxBaseMenuSetAclLevel.php component. The profile id POST parameter is passed to the PHP unserialize function without sufficient...
EUVD-2019-5935
Malware in sbrugna...
EUVD-2019-5934
Malware in sbrugna...
EUVD-2005-3226
Malware in sbrugna...
CVE-2019-14804
studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing...
CVE-2019-14805
studio/buildermenu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing...
UNA CMS 14.0.0-RC4 PHP Object Injection
UNA CMS versions 14.0.0-RC4 and below suffer from a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php. UNA CMS <= 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability...
UNA CMS 14.0.0-RC - PHP Object Injection
Exploit Title: UNA CMS <= 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability Author: Egidio Romano aka EgiX Software link: https://unacms.com - Software Links: https://unacms.com https://github.com/unacms/una - Affected Versions: All versions from 9.0.0-RC1 to 14.0.0-RC...
kernel: mptcp: ensure snd_una is properly initialized on connect
A vulnerability was found in the Linux kernel's match component in the initialization of the snd_una variable while establishing a connection. The issue arises when retransmission occurs after a fallback, leaving the snd_una sequence number uninitialized, leading to unpredictable behavior and...