664 matches found
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting
paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in the install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser. Exploitation requires the victim to visit a maliciously crafted URL. id: CVE-2017-6478 info: name: MaNGOSWebV4...
CVE-2026-46193
In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...
CVE-2026-45983
In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup. During v4 request compound arg decoding, some ops, e.g. SETATTR, can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cache_check wil...
TP-Link Multiple Products Security Vulnerability
TP-Link Archer RE650, among others, are products of the Chinese company TP-Link. The TP-Link Archer RE650 is a dual-band Gigabit wireless signal extender. The TP-Link Archer RE305 is also a dual-band Gigabit wireless signal extender. The TP-Link Archer RE360 is a wireless repeater that supports...
CVE-2026-28761
Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done...
CVE-2026-24662
Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...
Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"
Overview: Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) - CVE-2026-24662; Cross-site request forgery (CWE-352) - CVE-2026-28761. Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...
Fujitsu Musetheque V4 Cross-Site Request Forgery Vulnerability
Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Versions of Fujitsu Musetheque V4 prior to rev2203.0 contained a cross-site request forgery vulnerability. This vulnerability arises from cross-site...
Fujitsu Musetheque V4 Cross-Site Scripting Vulnerability
Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Fujitsu Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier versions contained a cross-site scripting vulnerability. This...
kernel security update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: added error handling to avoid out-of-bounds access. If sdma_v4_0_irq_id_to_seq returns -EINVAL, the process should be stopped to prevent out-of-bounds reading; therefore, -EINVAL should be returned directly...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-014302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014302 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, on...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007035)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007035 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_end_grace. Writing to v4_end_grace can race with server shutdown and resu...
GO-2026-4909 Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git
Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git...
CVE-2026-33693
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4_is_invalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...
CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4_is_invalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...
Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Impact: Users providing user generated input into the resolveEndpoint method on requests. Patches: Upgrade to Saloon v4+. Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description: When building the request URL, Saloon combined the connector's base URL with the request...
CVE-2026-32609 Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
Glances is an open-source, cross-platform system monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing as_dict_secure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...