106 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netconsole: The sumutex must be acquired before navigating the configs hierarchy. There is a race between operations that iterate over the cgchildren list and concurrent additions/removals of userdata items through configfs. The...
CVE-2026-41229
Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, t...
CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, t...
CVE-2026-41229
Summary (CVE-2026-41229) Froxlor prior to v2.3.6 contains a PHP code injection flaw in the generation of userdata.inc.php. PhpHelper::parseArrayToString() writes string values into single-quoted PHP literals without escaping single quotes. When an admin with change_serversettings updates a MySQL ...
CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, t...
CVE-2026-6592
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
CVE-2026-6592 ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
EUVD-2026-23737
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/usermanager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclose...
PT-2026-33686
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclos...
GHSA-GC9W-CC93-RJV8 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)
Summary PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, the privilegeduser parameter which has no input validation is written...
TOTOLINK A7000R Command Injection Vulnerability
The TOTOLINK A7000R is a wireless router produced by TOTOLINK Corporation. The Totolink A7000R version 4.1cu.4154 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter url in the CloudACMunualUpdateUserdata function located in the...
SUSE CVE-2025-68319
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire sumutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cgchildren list and concurrent add/remove of userdata items through configfs. The updateuserdata...
EUVD-2025-203750
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire sumutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cgchildren list and concurrent add/remove of userdata items through configfs. The updateuserdata...
CVE-2025-68319
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire sumutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cgchildren list and concurrent add/remove of userdata items through configfs. The updateuserdata...
CVE-2025-68319
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire sumutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cgchildren list and concurrent add/remove of userdata items through configfs. The updateuserdata...
CVE-2025-68319 netconsole: Acquire su_mutex before navigating configs hierarchy
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire sumutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cgchildren list and concurrent add/remove of userdata items through configfs. The updateuserdata...
CVE-2025-68319 netconsole: Acquire su_mutex before navigating configs hierarchy
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire sumutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cgchildren list and concurrent add/remove of userdata items through configfs. The updateuserdata...
CVE-2025-68319
The CVE-2025-68319 entry describes a Linux kernel race in netconsole related to iterating over the userdata cg_children list via configfs. The issue arises when concurrent add/remove operations occur while update_userdata() or count_extradata_entries() traverse the same list, potentially causing ...
Linux Distros Unpatched Vulnerability : CVE-2025-68319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netconsole: Acquire sumutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cgchildren list and concurrent...
PT-2025-51731
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists within the netconsole component of the Linux kernel when iterating over the cg children list in conjunction with concurrent additions or removals of userdata item...