
37 matches found

CBLMariner
added 2026/03/10 10:56 p.m. | 4 views

CVE-2026-23991 affecting package gh for versions less than 2.62.0-13

CVE-2026-23991 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...

7.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits: 0
SUSE Linux
added 2026/03/03 1:22 p.m. | 3 views

Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause...

8.3 CVSS | 6.1 AI score | 0.00046 EPSS
Exploits: 4 | References: 38
OPENSUSE Linux
added 2026/02/24 12:0 a.m. | 4 views

cosign-3.0.5-1.1 on GA media (moderate)

cosign-3.0.5-1.1 on GA media Announcement ID: openSUSE-SU-2026:10235-1 Rating: moderate Cross-References: CVE-2026-22772 CVE-2026-23991 CVE-2026-23992 CVE-2026-24122 CVE-2026-24137 CVE-2026-26958 CVSS scores: CVE-2026-22772 SUSE : 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2026-22772 SU...

8.3 CVSS | 5.5 AI score | 0.00037 EPSS
Exploits: 3
RedhatCVE
added 2026/01/26 10:52 p.m. | 2 views

CVE-2026-23991

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of...

7.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits: 0 | References: 6
Wolfi
added 2026/01/23 1:48 p.m. | 2 views

CVE-2026-23991 vulnerabilities

Vulnerabilities for packages: crossplane, docker, gh, ko, sigstore-scaffolding, kyverno-notation-aws, gitsign, aactl, buildkitd, rekor, ratify, flux-source-controller, falcoctl, policy-controller, spire-server, tekton-chains, trivy-operator, tkn, kyverno, neuvector-sigstore-interface, kubescape,...

7.5 CVSS | 7.3 AI score | 0.00037 EPSS
Exploits: 0
Circl
added 2026/01/22 5:19 a.m. | 3 views

CVE-2026-23991

creationtimestamp | type | source
---|---|---
2026-01-22 05:19:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mcygrg6gy32t
2026-01-24 21:23:10+00:00 | seen | https://gist.github.com/alon710/8f0590d74887d1a2e3248d957e30ec8e
2026-01-24 22:20:35+00:00 | seen | ...

7.5 CVSS | 5 AI score | 0.00037 EPSS
Exploits: 0 | References: 6
OSV
added 2026/01/22 3:15 a.m. | 1 views

AZL-75186 CVE-2026-23991 affecting package gh 2.62.0-10

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of...

7.5 CVSS | 5.7 AI score | 0.00037 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors...

7.5 CVSS | 7.3 AI score | 0.00037 EPSS
Exploits: 0 | References: 3
NVD
added 2025/01/24 4:15 p.m. | 3 views

CVE-2025-23991

Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart. This issue affects Product Size Charts Plugin for WooCommerce: from n/a through = 2.4.5...

4.3 CVSS | 0.0025 EPSS
Exploits: 0 | References: 1
Circl
added 2025/01/24 4:4 p.m. | 1 views

CVE-2025-23991

creationtimestamp | type | source
---|---|---
2025-01-24 16:04:58+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/2932
2025-01-24 17:45:12+00:00 | seen | https://t.me/cvedetector/16296...

4.3 CVSS | 8.7 AI score | 0.0025 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/01/24 3:31 p.m. | 12 views

CVE-2025-23991 WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart. This issue affects Product Size Charts Plugin for WooCommerce: from n/a through = 2.4.5...

4.3 CVSS | 0.0025 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/01/24 3:31 p.m. | 3 views

CVE-2025-23991 WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Dotstore Product Size Charts Plugin for WooCommerce woo-advanced-product-size-chart. This issue affects Product Size Charts Plugin for WooCommerce: from n/a through = 2.4.5...

4.3 CVSS | 7.2 AI score | 0.0025 EPSS
Exploits: 0 | References: 1
CVE
added 2025/01/24 3:31 p.m. | 38 views

CVE-2025-23991

CVE-2025-23991 describes a Missing Authorization (Broken Access Control) vulnerability in the DotStore Product Size Charts Plugin for WooCommerce, affecting Product Size Charts Plugin for WooCommerce versions up to 2.4.5. The issue is corroborated by multiple sources (NVD, Red Hat, CVE lists) and...

4.3 CVSS | 7.2 AI score | 0.0025 EPSS
Exploits: 0 | References: 1
NVD
added 2024/06/13 8:15 p.m. | 22 views

CVE-2024-5924

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit...

8.8 CVSS | 0.00272 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/06/13 7:40 p.m. | 13 views

CVE-2024-5924 Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit...

8.8 CVSS | 7.2 AI score | 0.00272 EPSS
Exploits: 0 | References: 1
NVD
added 2024/03/26 9:15 a.m. | 5 views

CVE-2023-23991

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection. This issue affects Booking Calendar: from n/a through 9.4.3...

7.6 CVSS | 7.9 AI score | 0.00223 EPSS
Exploits: 0 | References: 1
CVE
added 2024/03/26 8:56 a.m. | 34 views

CVE-2023-23991

Summary of CVE-2023-23991 (WordPress Booking Calendar plugin) : The vulnerability affects the Booking Calendar plugin for WordPress, specifically versions up to and including 9.4.3. It is caused by improper neutralization of certain elements in SQL queries, resulting in a SQL Injection. The issue...

7.6 CVSS | 5.5 AI score | 0.00223 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/03/26 8:56 a.m. | 8 views

CVE-2023-23991 WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection. This issue affects Booking Calendar: from n/a through 9.4.3...

7.6 CVSS | 7.7 AI score | 0.00223 EPSS
Exploits: 0 | References: 1
Cvelist
added 2024/03/26 8:56 a.m. | 14 views

CVE-2023-23991 WordPress Booking Calendar plugin <= 9.4.3 - SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection. This issue affects Booking Calendar: from n/a through 9.4.3...

7.6 CVSS | 8.1 AI score | 0.00223 EPSS
Exploits: 0 | References: 1
Patchstack
added 2023/01/20 12:0 a.m. | 6 views

WordPress Booking Calendar Plugin <= 9.4.3 is vulnerable to SQL Injection

Software Booking Calendar Type Plugin Vulnerable versions = 9.4.3 Fixed in 9.4.3.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-23991 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 35338ed5afc5 Credits Rafshanzani Suhada Required privilege...

7.6 CVSS | 6.9 AI score | 0.00223 EPSS
Exploits: 0 | References: 2 | Affected Software: 1