EUVD-2025-210338

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings Security section without supplying the current password or any additional verification, as the application does not enforce a...

CVE-2025-71328

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings Security section without supplying the current password or any additional verification, as the application does not enforce a...

CVE-2025-71328 Flowise - Unverified Password Change via Account Settings

Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings Security section without supplying the current password or any additional verification, as the application does not enforce a...

UBUNTU-CVE-2026-52926

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadvgwnodefree removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup...

EUVD-2026-38729

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadvgwnodefree removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup...

CVE-2026-52926

The CVE concerns batman-adv in the Linux kernel. During mesh teardown, batadv_gw_node_free() removes gateway list entries but fails to clear the currently selected gateway, leaving stale gateway state that can break a later mesh recreation. The remediation is to clear bat_priv->gw.curr_gw befo...

PT-2026-51642

Name of the Vulnerable Software and Affected Versions Snipe-IT affected versions not specified Description An authorization bypass exists in the BulkAssetsController::update function. The system accepts the company id variable directly from user input without utilizing the standard company-scopin...

EUVD-2026-38370

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.getcurrentplanmaxorg RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase...

EUVD-2026-38328

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

PT-2026-51408

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the public.get current plan max org RPC function. Unauthenticated attackers can use the public Supabase key to call this endpoint with any organization UUID to...

PT-2026-51360

Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: “smack”: fixed a bug where an unprivileged task could create labels. If an unprivileged task is allowed to relabel itself "/smack/relabel-self is not empty", it can freely create new labels by writing their names into its own...

Astra Linux – Vulnerability in LibreOffice

Versions of Apache OpenOffice prior to 4.1.14 may be configured to add an empty entry to the Java class path. This may allow for the execution of arbitrary Java code from the current directory...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Do not balance tasks to their current running CPUs. We encountered a situation where the balancer attempts to balance a migrated task with disabled status, triggering a warning in settaskcpu. The detailed error messag...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed the RX consumer index logic in the error path. In bnxtrxpkt, the RX buffers are expected to complete in order. If the RX consumer index indicates an out-of-order buffer completion, it means we are encountering a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: um: initcputasks earlier. This issue is currently addressed in umlfinishsetup. However, for example, when KCOV is enabled, this can still cause crashes, as some initialization code may call functions like memparse, which have...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: udf: The use of uninit-value in udfgetfileshortad has been fixed. A check for overflow was added when calculating alen in udfcurrentaext, to mitigate potential issues with uninit-value usage in udfgetfileshortad. This is related ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Power: Supply: gpio-charger: Fixed the issue related to setting charge current limits. The issue involved devices that allow the lowest charge current limit to be greater than zero. If the requested charge current limit is below...

Astra Linux – Vulnerability in qtbase-opensource-src

In Qt 5.9.x through 5.15.x before 5.15.9, and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when it was not found in the PATH...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schedext: The deadlock caused by SCXKICKWAIT was fixed by deferring the wait until the target CPU’s kickSYNC progresses. The busy-waiting mechanism in kickcpusirqworkfn uses smpCondLoadAcquire until the target CPU’s kickSYNC...