2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 (KB5088859)

2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 KB5088859...

2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 (KB5088863)

2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 KB5088863...

May 12, 2026-KB5087051 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2 and Microsoft server operating system 24H2

May 12, 2026-KB5087051 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2 and Microsoft server operating system 24H2 Release Date: May 12, 2026 Version: .NET Framework 3.5 and 4.8.1 The May 12, 2026 update for Windows 11, version 25H2 and Microsoft server operating...

May 12, 2026-KB5087052 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2

May 12, 2026-KB5087052 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2 Release Date: May 12, 2026 Version: .NET Framework 3.5 and 4.8.1 The May 12, 2026 update for Microsoft server operating system, version 23H2 includes security and cumulati...

CVE-2026-41687

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

CVE-2026-41687 Wallos: SSRF CGNAT Bypass in subscription/payments Logo URL — is_cgnat_ip() Not Used in Inline Checks

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE that does not block...

Fedora: Security Advisory (FEDORA-2026-04d6f223e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 43 : python-flask-httpauth (2026-04d6f223e0)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-04d6f223e0 advisory. Update to version 4.8.1 2454342 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

2026-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5084068)

2026-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 KB5084068...

SUSE CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

CVE-2026-34531 Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

Flask-HTTPAuth 授权问题漏洞

Flask-HTTPAuth is an HTTP authentication extension for the Flask framework developed by Miguel Grinberg. Versions of Flask-HTTPAuth prior to 4.8.1 had an authorization vulnerability. This vulnerability occurred when the client made a request to a resource protected by a token, but did not pass th...

Improper Authentication

Overview Flask-HTTPAuth is a HTTP authentication for Flask routes Affected versions of this package are vulnerable to Improper Authentication in the token verification process. An attacker can gain unauthorized access by submitting a request with a missing or empty token if the application stores...

PT-2026-29428

Name of the Vulnerable Software and Affected Versions Flask-HTTPAuth versions prior to 4.8.1 Description Flask-HTTPAuth, when used with token authentication, could potentially authenticate client requests against any user in the database with an empty string set as their token if the client reque...

Security Bulletin: PyArrow vulnerability affecting IBM Watson Studio in Cloud Pak for Data (CVE-2023-47248)

Summary PyArrow vulnerability in Runtimes 22.2 and Runtimes 23.1 components impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: Deserialization of untrusted data in IP...

CVE-2026-25887

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1...

CVE-2026-25888

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1...

CVE-2026-25877

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...

CVE-2026-25888 Chartbrew: Remote Code Execution (RCE) via Vulnerable API

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1...

CVE-2026-25888

CVE-2026-25888 affects Chartbrew, an open‑source web application that can connect to databases and APIs to generate charts. A remote code execution vulnerability exists in versions prior to 4.8.1 through a vulnerable API, enabling an attacker with network access and low privileges, with no user i...