Important: Red Hat Security Advisory: Red Hat Quay 3.17.2
Red Hat Quay 3.17.2 is now available with bug fixes. Quay 3.17.2...
CVE-2026-4420 Stored XSS via Page Creating functionality in Bludit
Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...
CVE-2026-4420
Summary: CVE-2026-4420 affects Bludit with a Stored XSS in the “page creating” flow. An authenticated user with page-creation privileges (Author/Editor/Admin) can insert a malicious script into the tags field when creating an article. The payload executes when a victim visits the uploaded resourc...
Bludit cross-site scripting vulnerability
Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions 3.17.2 and 3.18.0 of Bludit contain cross-site scripting vulnerabilities. These vulnerabilities stem from a stored cross-site scripting flaw in the page creation function. This allows...
EUVD-2026-16581
Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...
CVE-2026-25101
Bludit exposes a session fixation vulnerability: an attacker can set a user’s session ID before authentication, and the ID persists after login, enabling session hijacking. The issue affects Bludit and is fixed in version 3.17.2. Metrics indicate a high-impact CVSS base score (C/H I/H A/H) with n...
CVE-2026-25101 Session Fixation in Bludit
Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2...
Bludit authorization vulnerability
Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions of Bludit prior to 3.17.2 had an authorization vulnerability. This vulnerability stemmed from the ability to set session identifiers before authentication, which could lead to session hijacking...
PT-2026-28341
Name of the Vulnerable Software and Affected Versions: Bludit versions prior to 3.17.2
Description: Bludit allows a user's session identifier to be set before authentication. The session ID remains consistent even after authentication, potentially allowing an attacker to fixate a session ID for a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002278)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002278 advisory. kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002444)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002444 advisory. The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial...
EUVD-2014-3633
Malware in sbrugna...
CVE-2025-6600
An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API...
Security update for helm
This update for helm fixes the following issues: Update to version 3.17.2 (bsc#1238688, CVE-2025-22870): update x/net to 0.37.0; build(deps): bump the k8s-io group with 7 updates. Update to version 3.17.1: merge null child chart objects; build(deps): bump the k8s-io group with 7 updates; fix: check...
WordPress Content Aware Sidebars plugin <= 3.17.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Content Aware Sidebars plugin versions <= 3.17.1. Solution: Update the WordPress Content Aware Sidebars plugin to the latest available version, at least 3.17.2...