21 matches found

Debian
added 2026/04/22 1:4 p.m., 3 views

[SECURITY] [DSA 6228-1] cpp-httplib security update

Debian Security Advisory DSA-6228-1, https://www.debian.org/security/, Moritz Muehlenhoff, April 22, 2026, https://www.debian.org/security/faq ...

CVSS 7.5, AI score 7.1, EPSS 0.01011
Exploits: 2

RedhatCVE
added 2026/04/14 1:23 a.m., 1 view

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits: 1, References: 1

EUVD
added 2026/04/10 5:32 p.m., 2 views

EUVD-2026-21047

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits: 1, References: 3

Snyk
added 2026/04/10 5:32 p.m., 2 views

Incomplete List of Disallowed Inputs

Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to inadequate authorization checks in the containerRequestHandler process. An attacker can gain unauthorized access to sensitive system information and trigger actions on systems they do not belong to b...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits: 1, References: 2

NVD
added 2026/04/09 8:16 p.m., 4 views

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, EPSS 0.00065
Exploits: 1, References: 2

Cvelist
added 2026/04/09 7:27 p.m., 17 views

CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, EPSS 0.00065
Exploits: 1, References: 2

ATTACKERKB
added 2026/04/09 7:27 p.m., 2 views

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, AI score 5.9, EPSS 0.00065
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/04/09 7:27 p.m., 2 views

CVE-2026-40077 Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits: 1, References: 2

CVE
added 2026/04/09 7:27 p.m., 5 views

CVE-2026-40077

Summary: CVE-2026-40077 describes an IDOR in Beszel’s hub API endpoints that read a system ID from URL parameters. Prior to version 0.18.7, an authenticated user could access routes for any system if they knew the system ID, with system IDs being 15-character alphanumeric tokens and container IDs...

CVSS 3.5, AI score 5.9, EPSS 0.00065
Exploits: 1, References: 2, Affected Software: 1

AlpineLinux
added 2026/04/09 7:27 p.m., 2 views

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits: 1, References: 2

Positive Technologies
added 2026/04/09 12:0 a.m., 4 views

PT-2026-31706

Name of the Vulnerable Software and Affected Versions: Beszel versions prior to 0.18.7. Description: Beszel is a server monitoring platform. Some API endpoints in the Beszel hub accept a user-supplied system ID without verifying user access permissions. This allows authenticated users to access rout...

CVSS 3.5, AI score 5.8, EPSS 0.00065
Exploits: 1, References: 7

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-17569

Malware in sbrugna...

CVSS 8.8, AI score 6.4, EPSS 0.00679
Exploits: 1, References: 11

CNNVD
added 2025/04/01 12:0 a.m., 1 view

WordPress plugin Theater for WordPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3, AI score 6.1, EPSS 0.00387
Exploits: 0, References: 2

CNNVD
added 2023/08/08 12:0 a.m., 3 views

SES Input Validation Error Vulnerability

SES is a JavaScript environment for securely executing arbitrary programs in Compartments. An input validation error vulnerability exists in SES, which stems from a security flaw in the confinement of guest applications that could be exploited by an attacker to steal information or execute...

CVSS 9.8, AI score 7, EPSS 0.01798
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 4:31 a.m., 1 view

SUSE CVE-2018-5801

An error within the "LibRaw::unpack" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference...

CVSS 3.3, AI score 6.9, EPSS 0.01527
Exploits: 1, References: 6

OSV
added 2018/12/07 10:29 p.m., 0 views

DEBIAN-CVE-2018-5802

An error within the "kodak_radc_load_raw" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash...

CVSS 8.8, AI score 6.8, EPSS 0.00679
Exploits: 1, References: 1

OSV
added 2018/12/07 10:29 p.m., 1 view

DEBIAN-CVE-2018-5801

An error within the "LibRaw::unpack" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference...

CVSS 6.5, AI score 7.4, EPSS 0.01527
Exploits: 1, References: 1

CNVD
added 2018/10/26 12:0 a.m., 3 views

LibRaw 'LibRaw::unpack' function NULL pointer dereference vulnerability

LibRaw is a C++ library for processing RAW images in CRW/CR2, NEF, RAF, DNG and other formats. A NULL pointer dereference vulnerability exists in the 'LibRaw::unpack' function in the src/libraw_cxx.cpp file in versions of LibRaw prior to 0.18.7. An attacker can exploit this vulnerability with a specially...

CVSS 6.5, AI score 7.2, EPSS 0.01527
Exploits: 1, References: 1

CNVD
added 2018/07/05 12:0 a.m., 1 view

LibRaw 'LibRaw::kodak_ycbcr_load_raw()' function heap buffer overflow vulnerability

LibRaw is a C++ library developed by the LibRaw team for processing RAW images in CRW/CR2, NEF, RAF, DNG and other formats. A heap buffer overflow vulnerability exists in the 'LibRaw::kodak_ycbcr_load_raw' function in the internal/dcraw_common.cpp file in LibRaw versions prior to 0.18.7. An attacker could...

CVSS 6.5, AI score 6.8, EPSS 0.01483
Exploits: 1, References: 1

OSV
added 2018/03/12 12:0 a.m., 0 views

UBUNTU-CVE-2018-5801

An error within the "LibRaw::unpack" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference...

CVSS 6.5, AI score 6.7, EPSS 0.01527
Exploits: 1, References: 4