38504 matches found
Open Source Social Network(OSSN) 资源管理错误漏洞
Open Source Social Network OSSN is a social network engine developed by the OSSN team in Switzerland. Prior to version 9.0 of Open Source Social Network OSSN, there was a resource management vulnerability. This vulnerability stemmed from resource exhaustion, which could allow attackers to upload...
PT-2026-35006
In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmap region commit 605f6586ecf7 "mm/vma: do not leak memory when .mmap prepare swaps the file" handled the success path by skipping get file via file doesnt need get, but missed the error path. When...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a zero-division error in pixclock within tdfxfb...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the staging sm750fb driver’s pstohz function not verifying that pixclock is non-zero, resulting i...
Rocket.Chat 访问控制错误漏洞
Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10. These vulnerabilities stem from spelling errors in the permission checks for the /api/apps/lo...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of interface 0 space pointer dereferencing in us144mkii...
PT-2026-34957
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A divide-by-zero error exists in the udlfb driver within the fbdev subsystem. The issue occurs during the processing of 'FBIOPUT VSCREENINFO' because the driver uses the pixclock variabl...
PT-2026-34972
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the ALSA usx2y driver for the TASCAM US-144MKII device. A malicious USB device can provide a configuration containing bInterfaceNumber=1 without an...
PT-2026-34970
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A divide-by-zero error exists in the tdfxfb driver within the fbdev subsystem. The issue occurs during the FBIOPUT VSCREENINFO operation because the driver uses the pixclock variable...
PT-2026-34955
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A division by zero occurs in the ps to hz function. This happens because hw sm750 crtc set mode calls ps to hz without verifying that the pixclock variable is non-zero. An attacker can...
PT-2026-35023
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information leak exists in the build report function within xfrm user. The struct xfrm user report contains a u8 proto field followed by a struct xfrm selector, resulting in three byt...
CVE-2026-26210
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...
Exploit for CVE-2026-34159
CVE-2026-34159 0 Click RCE exploit for CVE-20...
CVE-2026-41279 Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint POST /api/v1/text-to-speech/generate is whitelisted no auth and accepts a credentialId directly in the request body. When called without a chatflowId, th...
EUVD-2026-25287
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and...
CVE-2026-41267
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...
CLSA-2026-1776959688 busybox: Fix of 4 CVEs
CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...
CVE-2026-41239
CVE-2026-41239 affects DOMPurify. From v1.0.10 up to but not including v3.4.0, SAFE_FOR_TEMPLATES incorrectly strips mustache/templating expressions in untrusted HTML when RETURN_DOM/RETURN_DOM_FRAGMENT are used, enabling XSS in template-evaluating frameworks (e.g., Vue 2). The issue is triggered...
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra se...
Important: Red Hat Security Advisory: .NET 9.0 security update
An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...