162631 matches found
crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation
A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...
Important: Red Hat Security Advisory: samba security update
An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
SUSE CVE-2026-44740
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...
EUVD-2026-34055
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
CVE-2026-9732
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
CVE-2026-7421
The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...
EUVD-2025-210055
An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...
PT-2026-45939
Missing input validation in the rfapiRibBi2Ri function rfapi rib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37460
Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
PT-2026-46267
Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description The software fails to validate IP addresses. The add function calls the encode function to parse addresses; if the input does not resemble netmasks or network ranges, it is treated as a single ...
EUVD-2026-34083
Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
RockyLinux 10 : galera and mariadb11.8 (RLSA-2026:19021)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19021 advisory. MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSONSCHEMAVALID function vulnerability CVE-2026-32710 Tenable has extracted the preceding...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : rsync vulnerabilities (USN-8349-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8349-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...
CVE-2026-36460
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
PT-2026-45962
crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...
PT-2026-45921
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
PT-2026-46100
Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...
PT-2026-46083
Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect. !NOTE This does not impact your React Router application if you are using Declarative Mode...
lwext4 安全漏洞
lwext4 is an embedded library developed by Grzegorz Kostka for microcontrollers, which provides ext2/3/4 file systems. Version 1.0.0 of lwext4 contains a security vulnerability. This vulnerability stems from the lack of validation for lbsize in the ext4blocksetlbsize function, resulting in a zero...
MBS多款产品 输入验证错误漏洞
MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have a vulnerability related to input validation errors. This vulnerability stems from the insufficient input validation provided by the ugw-logstop method,...