12 matches found
CVE-2026-46385
Summary (CVE-2026-46385) iskorotkov/avro’s Go Avro decoder can trigger remote, unauthenticated CPU exhaustion by looping up to math.MaxInt64 iterations when decoding large attacker-controlled block counts, because inner loops did not check the reader’s error state after each decode. Affected: git...
Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
Summary Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...
CVE-2026-42887
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...
PT-2026-4083
Name of the Vulnerable Software and Affected Versions matiskiba Ravpage versions prior to 2.33 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to...
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability...
flusity CMS Security Vulnerability
flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version 2.33, which stems from an unrestricted upload of dangerously typed files allowed in updatesetting.php...
flusity CMS Security Vulnerability
flusity CMS is a user-interactive interface solution that can be easily changed or added to code. A security vulnerability exists in flusity CMS version v2.33, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML...
flusity CMS Security Vulnerability
flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version v2.33, which was discovered to contain a cross-site request forgery CSRF vulnerability via the component /core/tools/deleteplace.php...
flusity CMS Cross-Site Request Forgery Vulnerability
flusity CMS is a user interaction interface solution where code can be easily changed or added. A cross-site request forgery vulnerability exists in flusity CMS version v2.33, which stems from a cross-site request forgery CSRF vulnerability in component /core/tools/updatemenu.php...
flusity CMS Security Vulnerability
flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version v.2.33. A remote attacker can exploit this vulnerability to execute arbitrary code via addcustomblock.php...
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller leading to a denial of service (application crash) or possibly unspecified other impact.
...
GNU C Library 资源管理错误漏洞
The GNU C Library glibc, libc6 is an open source, free C language compiler released under the LGPL license. A resource management error vulnerability exists in GNU C Library versions 2.33 through 2.33, which can be exploited by an attacker to cause a denial of service...