39 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mshv: Fixed the check for overlap in memory regions. The current check is incorrect; it only checks whether the beginning or end of a region is within an existing region. This does not take into account cases where userspace...
CVE-2026-40174
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2026-40174
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2026-40174
Masa CMS CSRF in user address management (cUsers.updateAddress) affects versions 7.5.2 and earlier. An attacker can lure a logged-in administrator into submitting forged requests to add, modify, or delete user address records (including emails and phone numbers), potentially altering contact info...
EUVD-2026-28154
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2026-40174
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
PT-2026-38226
Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cUsers.updateAddress function fails to properly validate anti-CSRF Cross-Site Request Forger...
PT-2026-27049
Name of the Vulnerable Software and Affected Versions ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions up to and including 2.2.12 Description The ReviewX plugin for WordPress is susceptible to exposure of...
EUVD-2025-208833
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
CVE-2025-55045
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
CVE-2025-55045
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
CVE-2025-59603 Out-of-bounds Write in Computer Vision
Memory Corruption when processing invalid user address with nonstandard buffer address...
CVE-2025-59603
CVE-2025-59603 : In the Computer Vision component, memory corruption occurs when processing an invalid user address with a nonstandard buffer address, leading to an out-of-bounds write. The CVSS 3.1 vector (Local, Low attack complexity, Low privileges) indicates a high-impact issue affecting conf...
Qualcomm Chipsets 缓冲区错误漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. Qualcomm Chipsets have a buffer error vulnerability, which occurs due to memory corruption when processing invalid user addresses and non-standard buffer addresses...
EUVD-2023-60402
In the Linux kernel, the following vulnerability has been resolved: iommufd: Check for uptr overflow syzkaller found that setting up a map with a user VA that wraps past zero can trigger WARNONs, particularly from pinuserpages weirdly returning 0 due to invalid arguments. Prevent creating a pages...
CVE-2023-54239 iommufd: Check for uptr overflow
In the Linux kernel, the following vulnerability has been resolved: iommufd: Check for uptr overflow syzkaller found that setting up a map with a user VA that wraps past zero can trigger WARNONs, particularly from pinuserpages weirdly returning 0 due to invalid arguments. Prevent creating a pages...
EUVD-2025-205219
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix create memory region overlap check The current check is incorrect; it only checks if the beginning or end of a region is within an existing region. This doesn't account for userspace specifying a region that begins befo...
CVE-2025-68743
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix create memory region overlap check The current check is incorrect; it only checks if the beginning or end of a region is within an existing region. This doesn't account for userspace specifying a region that begins befo...
CVE-2025-68743
In the Linux kernel, the following vulnerability has been resolved: mshv: Fix create memory region overlap check The current check is incorrect; it only checks if the beginning or end of a region is within an existing region. This doesn't account for userspace specifying a region that begins befo...