128 matches found
axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary: The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
PT-2026-36563
Name of the Vulnerable Software and Affected Versions: App Builder – Create Native Android & iOS Apps On The Flight versions prior to 5.6.1. Description: An Insecure Direct Object Reference (IDOR) exists due to missing authorization validation in the upload avatar function. The...
Linux Distros Unpatched Vulnerability : CVE-2026-40542
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper...
CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
PT-2026-34264
Name of the Vulnerable Software and Affected Versions: Apache HttpClient version 5.6. Description: A missing critical step in authentication allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Recommendations: Upgrade to...
PT-2026-5883
Name of the Vulnerable Software and Affected Versions: MyRewards – Loyalty Points and Rewards for WooCommerce plugin versions prior to 5.6.1. Description: The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress does not properly verify user authorization when performing actio...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004637 advisory. In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to...
CVE-2026-22775 devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
Svelte security vulnerabilities
Svelte is an open-source approach to building web applications. Versions of Svelte from 5.1.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the ArrayBuffer hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...
CVE-2024-2421
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...
CVE-2024-2422
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...
AZL-70319 CVE-2025-47913 affecting package podman 5.6.1-7
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...
CVE-2024-9341 affecting package podman for versions less than 5.6.1-2
CVE-2024-9341 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-37298 affecting package podman for versions less than 5.6.1-2
CVE-2024-37298 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-28180 affecting package podman for versions less than 5.6.1-2
CVE-2024-28180 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-4123 affecting package podman for versions less than 5.6.1-2
CVE-2022-4123 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2022-41717 affecting package podman for versions less than 5.6.1-2
CVE-2022-41717 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-3056 affecting package podman for versions less than 5.6.1-2
CVE-2024-3056 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-3727 affecting package podman for versions less than 5.6.1-2
CVE-2024-3727 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2024-10026 affecting package podman for versions less than 5.6.1-2
CVE-2024-10026 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...