118 matches found
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fixed a possible warning in privcmd_ioctl_mmap_resource. Since 'kdata.num' is user-controlled data, if the user attempts to allocate memory larger than MAX_ORDER, then kcalloc will fail. This will generate a stack trac...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010934)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010934 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource. As 'kdata.num' is user-controlled...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007471)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007471 advisory. In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource. As 'kdata.num' is user-controlled...
cross-site-scripting-lab
XSS Lab Documentation Overview What Is Cross-Site Scr...
EUVD-2026-13374
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions up to and including 8.9.2 contain an unsafe deserialization vulnerability in the SavedSearch filter processing component that allows an authenticated administrator to execute arbitrary...
SUSE-SU-2026:0767-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2025-12781: inadequate parameter check can cause data integrity issues (bsc#1257108). - CVE-2025-1528...
CVE-2026-27120
LeafKit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape HTML special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special HTML character a...
Security update for python
This update for python fixes the following issues: CVE-2026-0672: Fixed an HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can allow injecting HTTP header...
MindsDB security vulnerability
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions prior to 25.11.1, which stems from user-controlled data in the File Upload API being concatenated directly into a file system path, potentially leading to a path traversal...
CVE-2021-0607
In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2022-50575
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource. As 'kdata.num' is user-controlled data, if user tries to allocate memory larger than MAX_ORDER, then kcalloc will fail, it creates a stack trace and messes up dmesg...
EUVD-2021-1400
Malware in sbrugna...
EUVD-2018-19729
Malware in sbrugna...
EUVD-2022-53141
Malicious code in bioql PyPI...
EUVD-2023-29512
Malicious code in bioql PyPI...
EUVD-2022-24683
Malicious code in bioql PyPI...
EUVD-2022-41277
Malicious code in bioql PyPI...
EUVD-2021-3226
Malicious code in bioql PyPI...
command-injection-payload-list
It is an offensive tool for web application security. The primary CVE ID is not explicitly mentioned, but the description pertains to OS command injection vulnerabilities. The target product/service is web applications, and the vulnerability class/vector is OS command injection. Notable...
ABB Cylon Aspect 3.08.03 Java/PHP Log Forging
Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies into log messages without filtering, enabling...