
326 matches found

NVD
added 2026/05/27 2:17 p.m., 4 views

CVE-2026-46055

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination. When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdragon X1 we see a string buffer overrun: BUG: KASAN: slab-out-of-bounds in aa_dfa_match...

7.1 CVSS, 0.00015 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-43922

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination. When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdragon X1 we see a string buffer overrun: BUG: KASAN: slab-out-of-bounds in aa_dfa_match...

5.9 AI score, 0.00015 EPSS
Exploits 0, References 3

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: ucsi_acpi: Increase the command completion timeout. Commit 130a96d698d7 "usb: typec: ucsi: acpi: Increase command completion timeout value" increased the timeout from 5 seconds to 60 seconds due to issues related to alternate...

5.5 CVSS, 6.5 AI score, 0.00017 EPSS
Exploits 0, References 1

GithubExploit
added 2026/03/10 1:1 p.m., 105 views

Exploit for Cross-Site Request Forgery (CSRF) in Ilevia Eve_X1_Server_Firmware

No d...

9.6 CVSS, 5.8 AI score, 0.00156 EPSS
Exploits 4

CNNVD
added 2026/01/06 12:0 a.m., 2 views

Blue Access Cobalt X1 security vulnerability

Blue Access Cobalt X1 is an access control and access management system software from Blue Access USA. A security vulnerability exists in Blue Access Cobalt X1 that stems from an authentication bypass that could allow an attacker to manipulate web application functionality without legitimate...

9.8 CVSS, 6.9 AI score, 0.0014 EPSS
Exploits 0, References 3

Packet Storm
added 2025/12/17 12:0 a.m., 143 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation

A critical privilege escalation vulnerability exists in Ilevia EVE X1/X5 Server versions 4.7.18.0.eden and below. This is a proof of concept exploit written in PHP...

9.8 CVSS, 7.2 AI score, 0.00316 EPSS
Exploits 5

RedhatCVE
added 2025/12/10 6:14 p.m., 2 views

CVE-2025-14276

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3 CVSS, 6.7 AI score, 0.00524 EPSS
Exploits 0, References 1

EUVD
added 2025/12/09 12:31 a.m., 2 views

EUVD-2025-201816

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3 CVSS, 5.4 AI score, 0.00524 EPSS
Exploits 0, References 5

NVD
added 2025/12/08 10:15 p.m., 1 view

CVE-2025-14276

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3 CVSS, 0.00524 EPSS
Exploits 0, References 5

CVE
added 2025/12/08 9:32 p.m., 5 views

CVE-2025-14276

CVE-2025-14276 affects Ilevia EVE X1 Server (versions up to 4.6.5.0.eden). The vulnerability is described as a command injection in an unknown function of the file /ajax/php/leaf_search.php, caused by manipulation of the argument line. It can be triggered remotely, with a high attack complexity a...

6.3 CVSS, 6.4 AI score, 0.00524 EPSS
Exploits 0, References 5

Cvelist
added 2025/12/08 9:32 p.m., 19 views

CVE-2025-14276 Ilevia EVE X1 Server leaf_search.php command injection

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3 CVSS, 0.00524 EPSS
Exploits 0, References 5

CNNVD
added 2025/12/08 12:0 a.m., 2 views

Ilevia EVE X1 Server command injection vulnerability

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A command injection vulnerability exists in Ilevia EVE X1 Server version 4.6.5.0.eden and prior versions, which stems from incorrect manipulation of the parameter line in the file /ajax/php/leaf_search.php, which coul...

6.3 CVSS, 6 AI score, 0.00524 EPSS
Exploits 0, References 5

Positive Technologies
added 2025/12/08 12:0 a.m., 4 views

PT-2025-49597

A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high degree of complexity is needed for the...

6.3 CVSS, 6.7 AI score, 0.00524 EPSS
Exploits 0, References 5

Richard Bejtlich's blog
added 2025/11/29 4:6 a.m., 3 views

We have achieved FreeBSD 15.0-REL with KDE Plasma

Houston, we have installed FreeBSD 15.0-REL with KDE Plasma 6.4.5 on a Lenovo ThinkPad X1 Carbon Gen 6 laptop. I have come full circle. I used to daily drive FreeBSD 5.x on a Thinkpad a20p in the early 2000s. Today I used the "technology preview" method for pkg installation, too. I posted this fr...

6.9 AI score
Exploits 0

RedhatCVE
added 2025/11/27 4:59 p.m., 2 views

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component...

9.6 CVSS, 7.7 AI score, 0.00156 EPSS
Exploits 4, References 1

EUVD
added 2025/11/25 6:32 p.m., 1 view

EUVD-2025-199599

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component...

9.6 CVSS, 7.3 AI score, 0.00156 EPSS
Exploits 4, References 2

NVD
added 2025/11/25 4:16 p.m., 4 views

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component...

9.6 CVSS, 0.00156 EPSS
Exploits 4, References 1

OSV
added 2025/11/25 4:16 p.m., 0 views

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component...

9.6 CVSS, 6.2 AI score
Exploits 0, References 1

CVE
added 2025/11/25 12:0 a.m., 12 views

CVE-2025-60739

CVE-2025-60739 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Ilevia EVE X1 Server Firmware versions prior to v4.7.18.0.eden and Ilevia EVE Logic prior to v6.00 - 2025_07_21. The issue is exploitable through the /bh_web_backend component, enabling a remote attacker to execute arbi...

9.6 CVSS, 7.4 AI score, 0.00156 EPSS
Exploits 4, References 1, Affected Software 1

Cvelist
added 2025/11/25 12:0 a.m., 6 views

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 2025_07_21 allows a remote attacker to execute arbitrary code via the /bh_web_backend component...

0.00156 EPSS
Exploits 4, References 1