CVE-2026-33869

Mastodon vulnerability CVE-2026-33869 affects the 4.5.x branch (before 4.5.8) and the 4.4.x branch (before 4.4.15). An attacker who knows of a quote before it reaches a server can cause the server to misprocess it, resulting in a denial of service for quote authorization. The issue does not affec...

PT-2026-28542

Name of the Vulnerable Software and Affected Versions Mastodon versions 4.5.0 through 4.5.7 Mastodon versions 4.4.0 through 4.4.14 Description Mastodon is a free, open-source social network server based on ActivityPub. An attacker who is aware of a quote before it has reached a server can prevent...

CVE-2026-27128

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...

PT-2026-6550

Name of the Vulnerable Software and Affected Versions iomad versions prior to 4.5 LTS iomad versions prior to 5.0 Description A flaw exists in iomad that allows for remote execution of SQL injection attacks. The issue resides within an unknown function of the Company Admin Block component...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002213)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002213 advisory. An issue was discovered in drivers/net/ethernet/arc/emacmain.c in the Linux kernel before 4.5. A use- after-free is caused by a race condition between the functions...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002731)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002731 advisory. Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service...

CVE-2023-40210

Cross-Site Request Forgery CSRF vulnerability in Sean Barton Tortoise IT SB Child List plugin = 4.5 versions...

Moodle Prompt Injection Vulnerability (MSA-25-0053)

Moodle is prone to a prompt injection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescriptio...

Automated Penetration Testing with LLM Agents and Classical Planning

While penetration testing plays a vital role in cybersecurity, achieving fully automated, hands-off-the-keyboard execution remains a significant research challenge. In this paper, we introduce the "Planner-Executor-Perceptor PEP" design paradigm and use it to systematically review existing work a...

blender-4.5-4.5.4-1.1 on GA media (moderate)

blender-4.5-4.5.4-1.1 on GA media Announcement ID: openSUSE-SU-2025:15755-1 Rating: moderate Cross-References: CVE-2022-0544 CVE-2022-0545 CVE-2022-0546 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all security issues...

GHSA-33F4-MJCH-7FPR Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret

A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.goL59 The value used for the secret token was compiled into t...

EUVD-2006-4269

Malware in sbrugna...

EUVD-2016-10664

Malware in sbrugna...

EUVD-2005-2431

Malware in sbrugna...

EUVD-2002-0869

Malware in sbrugna...

EUVD-2006-6032

Malware in sbrugna...

EUVD-2006-3028

Malware in sbrugna...

EUVD-2012-2556

Malware in sbrugna...

EUVD-1999-1243

Malware in sbrugna...

EUVD-2019-3075

Malware in sbrugna...