xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB X Keyboard Extension modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory...

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

Traefik - Open Redirect

Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-15129 info: name:...

LumisXP - Cross-site Scripting

A cross-site scripting XSS vulnerability in the XsltResultControllerHtml.jsp component of LumisXP v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via the lumPageID parameter. id: CVE-2024-33326 info: name: LumisXP - Cross-site Scripting author: 0xr2r severity: medium...

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

Limit Login Attempts WordPress - Stored Cross-site Scripting

Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...

[SECURITY] Fedora 44 Update: xorg-x11-server-Xwayland-24.1.12-1.fc44

Xwayland is an X server for running X clients under Wayland...

EUVD-2026-34181

OpenStack Ironic through 35.0.x allows Boot Script Injection...

CVE-2026-46447

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo...

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal

MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

[SECURITY] Fedora 44 Update: xorg-x11-server-21.1.23-1.fc44

X.Org X11 X server...

PT-2026-46066

OpenStack Ironic through 35.0.x allows Boot Script Injection...

CVE-2026-46447

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo...

CVE-2019-25724

Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots until the device enters a fail state requiring manu...

CVE-2019-25724 Dräger Infinity M300 VG2.x Network-Based Denial of Service

Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots until the device enters a fail state requiring manu...

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB X Keyboard Extension modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory...