7866 matches found
CVE-2026-0266
CVE-2026-0266 concerns a Stored Cross-Site Scripting (XSS) vulnerability in Palo Alto Networks PAN-OS web interface. The connected documents specify that an authenticated administrator can store a JavaScript payload via the PAN-OS web UI, affecting PAN-OS on PA-Series and VM-Series firewalls as w...
CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual and...
CVE-2026-49759 Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash
Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...
EUVD-2026-36053
Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows an authenticated administrator with...
Palo Alto Networks PAN-OS 11.1.x < 11.1.14 / 11.2.x < 11.2.11 / 12.1.x < 12.1.5 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 11.1.x prior to 11.1.14, 11.2.x prior to 11.2.11, or 12.1.x prior to 12.1.5. It is, therefore, affected by a vulnerability. A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables a malicious...
CVE-2026-46442
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...
Podman 4.8.0 < 5.8.2 PowerShell Command Injection (GHSA-hc8w-h2mf-hp59)
The version of Podman installed on the remote Windows host is prior to 5.8.2. It is, therefore, affected by a command injection vulnerability in the HyperV machine backend. - A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShe...
CVE-2026-46295
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A race condition in the Advanced Programmable Interrupt Controller APIC interrupt handling can lead to an incorrect state during interrupt synchronization. This issue, occurring between a sender and target virtual...
CVE-2026-46311
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...
CVE-2026-46311 drm/amdgpu/userq: fix access to stale wptr mapping
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...
EUVD-2026-35121
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...
CVE-2026-46442
Flowise (prior to 3.1.2) is affected by authenticated remote code execution via POST /api/v1/node-custom-function when E2B_APIKEY is not configured. The endpoint lacks route-level authorization, allowing authenticated users/API keys to submit arbitrary JavaScript to Custom JS Function, which is e...
CVE-2026-43974
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
CVE-2025-66171
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...
CVE-2026-25199
Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmoxvmid, to associate...
CVE-2026-0238
A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...
CVE-2026-0427
Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...
CVE-2026-0256
A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...