372486 matches found
CVE-2026-53370
The CVE pertains to the Linux kernel perf/x86/intel ACR mask handling. The issue involves user-space ACR mask validation (attr.config2) allowing invalid indices to slip in, and an early return bug that skipped subsequent ACR groups. The remediation explicitly: determine the event index group for ...
CVE-2026-53369
The CVE-2026-53369 entry describes a Linux kernel UDF parsing flaw in udf_read_tagged where descCRCLength + sizeof(struct tag) can exceed the block size, allowing a crafted UDF image to bypass CRC validation and have the descriptor accepted solely on the 8-bit tag checksum. The fix rejects descri...
CVE-2026-53368
CVE-2026-53368 relates to the Linux kernel f2fs filesystem. The root cause was a race between f2fs_need_dentry_mark() and __write_node_folio() where nat_entry/inode state could be inconsistent due to unsynchronized access to flags around the checkpoint path. The fix moves set_dentry_mark() into _...
CVE-2026-53367
CVE-2026-53367 concerns the Linux kernel where SELinux’s avdcache auditing was incorrect. The per-task avdcache saved and reused the audited vector produced by avc_audit_required() instead of recomputing it for the currently requested permissions, and it failed to distinguish between denied and a...
CVE-2026-16226
SourceCodester Pizzafy Ecommerce System 1.0 is affected. The vulnerability resides in /admin/admin_class_novo.php via the save_settings function, where manipulating the img argument enables unrestricted upload. This can be exploited remotely, with impact limited to uncontrolled file upload. No re...
CVE-2026-16225
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-16224
The CVE-2026-16224 entry concerns jxxghp MoviePilot (up to version 2.13.5) with the vulnerability located in the /jxxghp/MoviePilot file inside the Application API component. The issue arises from an improper authorization in an unknown function, enabling remote exploitation. A patch is available...
CVE-2026-16223
1Panel-dev CordysCRM up to 1.4.1 is affected in the Third Party Edit Endpoint, specifically the IntegrationConfigService.getSqlBotSrc function. A manipulated appSecret can trigger server-side request forgery (SSRF) and the issue can be exploited remotely. The exploit has been publicly disclosed a...
CVE-2026-16222
CVE-2026-16222 affects 1Panel-dev CordysCRM up to version 1.4.1. The vulnerability involves server-side request forgery caused by manipulating the mkAddress argument in the TokenService.java file under the Third Party Endpoint (backend/crm/src/main/java/cn/cordys/crm/integration/sso/service/Token...
CVE-2026-16220
CVE-2026-16220 affects code-projects Online Examination System 1.0. The vulnerability resides in unknown code handling the parameter eid/n/t in /account.php?q=quiz, enabling cross-site scripting through manipulation of that argument. Impact details stated include remote feasibility with low to mo...
CVE-2026-16219
CVE-2026-16219 affects Croogo CMS versions up to 4.0.7. The vulnerability lies in the Admin File Manager component, specifically FileManager::isEditable in FileManager/src/Utility/FileManager.php, leading to path traversal. Exploitation can be performed remotely; a working exploit has been publis...
CVE-2026-16218
Technical details for CVE-2026-16218 are not publicly available in the provided documents; no affected versions, root cause specifics, or remediation are disclosed here. Monitor for updates.
CVE-2026-16217
CVE-2026-16217 affects guohongze adminset up to 0.61. The vulnerability lies in delivery/deli.py where manipulating project_id bypasses authorization, enabling a remote attack. Public exploit disclosed; project maintainer notified early via issue report but no response. CVSS metrics indicate MEDI...
CVE-2026-16216
Geex-arts django-jet up to 1.0.8 contains a CSRF flaw in the OAuth Handler that can be exploited remotely. The vulnerability enables cross-site request forgery and is public, with no response from the project to the issue. The CVE reports a MEDIUM severity (CVSS 3.x/4.x family) and indicates no l...
CVE-2026-16215
CVE-2026-16215 concerns geex-arts django-jet up to 1.0.8. The flaw affects the OAuth Credential Revoke Handler component; a manipulation can lead to missing authorization. The vulnerability is exploitable remotely, with public exploit availability reported. Affected status is stated, but the exac...
CVE-2026-16214
CVE-2026-16214 affects geex-arts django-jet up to version 1.0.8, specifically the Dashboard Module’s jet/dashboard/views.py component. The documentation reports an authorization bypass vulnerability caused by manipulation of an unknown function, with remote exploitation possible and a publicly av...
CVE-2026-16213
Summary of vulnerability (CVE-2026-16213) : In Fantomas42 django-blog-zinnia (up to 0.20), a flaw affects an unknown function in the file zinnia/views/mixins/entry_protection.py (Protected Entry Password Handler). The manipulation leads to the cleartext storage of sensitive information . Exploita...
CVE-2026-16212
CVE-2026-16212 affects awesto django-shop up to 1.2.4. The vulnerability targets an unknown function in the file shop/models/inventory.py of the Purchase Stock Handler, causing a race condition. The issue can be exploited remotely with high complexity; exploitation status is publicly available (P...
CVE-2026-16211
CVE-2026-16211 affects Allegro Ralph, specifically the Hostname Allocation Handler’s function AssetLastHostname.increment_hostname in the file src/ralph/assets/models/assets.py . The vulnerability arises from a manipulation of the argument counter that can cause a race condition . Documents indic...
CVE-2026-16210
The CVE-2026-16210 entry affects newpanjing simpleui version 2026.01.13, specifically the AjaxAdmin AJAX Endpoint in the file simpleui/admin.py. The issue stems from the function self.get_action, where manipulated input leads to missing authentication, enabling remote exploitation. An exploit has...