15 matches found

Packet Storm News
added 2026/03/30 12:0 a.m., 1 view

libfuse Use-After-Free / NULL Pointer Dereference

Two memory safety vulnerabilities in libfuse's io_uring code path introduced in 3.18.0 have been fixed in libfuse 3.18.2. Only the io_uring transport is affected; the traditional /dev/fuse path is not. One is a use-after-free in the io_uring session shutdown path. A local user can crash the FUSE...

CVSS 7.8, AI score 6.1, EPSS 0.00009
Exploits: 0
EUVD
added 2026/03/27 12:31 p.m., 1 view

EUVD-2026-16579

Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

CVSS 8.7, AI score 5.8, EPSS 0.00532
Exploits: 4, References: 3
NVD
added 2026/03/27 12:16 p.m., 0 views

CVE-2026-25100

Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

CVSS 5.4, EPSS 0.00021
Exploits: 4, References: 2
ATTACKERKB
added 2026/03/27 11:55 a.m., 2 views

CVE-2026-25100

Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

CVSS 8.7, AI score 5.8, EPSS 0.00532
Exploits: 4, References: 3
CVE
added 2026/03/27 11:55 a.m., 10 views

CVE-2026-25100

Bludit - CVE-2026-25100: Stored XSS in image upload. An authenticated attacker with content-upload privileges (Author/Editor/Administrator) can upload an SVG payload; the payload executes when a victim visits the uploaded resource URL. The resource is accessible without authentication. Affected: a...

CVSS 5.4, AI score 5.8, EPSS 0.00021
Exploits: 4, References: 2, Affected Software: 1
CVE
added 2026/03/20 8:20 p.m., 10 views

CVE-2026-33150

CVE-2026-33150 affects libfuse: the io_uring subsystem vulnerability exists from 3.18.0 up to just before 3.18.2. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool but stores a dangling pointer in the session state, caus...

CVSS 7.8, AI score 6, EPSS 0.00009
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2026/03/20 8:20 p.m., 1 view

CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.3, EPSS 0.00006
Exploits: 0
EUVD
added 2026/03/20 8:20 p.m., 1 view

EUVD-2026-13794

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 3
Cvelist
added 2026/03/20 8:20 p.m., 18 views

CVE-2026-33179 libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, EPSS 0.00006
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/20 8:20 p.m., 6 views

CVE-2026-33179

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue entry...

CVSS 5.5, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2026/03/20 12:0 a.m., 1 view

PT-2026-26679

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuse_uring_init_queue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numa_alloc_local fails during io_uring queue...

CVSS 5.5, AI score 5.8, EPSS 0.00006
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-50824

Malicious code in bioql PyPI...

CVSS 7.1, AI score 7, EPSS 0.00083
Exploits: 0, References: 1
OSV
added 2025/06/28 6:0 a.m., 1 view

SUSE-SU-2025:20457-1 Security update for helm

This update for helm fixes the following issues: Update to version 3.18.3: builddeps: bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc dependabotbot fix: user username password for login 5b9e2f6 Terry Howe Update pkg/registry/transport.go 2782412 Terry Howe Update pkg/registry/transport.go...

CVSS 6.5, AI score 7.1, EPSS 0.00017
Exploits: 0, References: 3
OSV
added 2023/10/31 10:15 a.m., 0 views

CVE-2023-46622

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ollybach WPPizza – A Restaurant Plugin plugin = 3.18.2 versions...

CVSS 6.1, AI score 7.3, EPSS 0.00083
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 5:14 a.m., 2 views

SUSE CVE-2015-7496

GNOME Display Manager gdm before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key...

CVSS 7.2, AI score 6.9, EPSS 0.00079
Exploits: 0, References: 3