USN-8200-3: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

CVE-2025-8325

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

CVE-2025-8154

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

CVE-2025-8325

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2025-8325; current sources describe an RBAC bypass affecting Gateway and Internal Service APIs in WSO2 products, but no concrete technical specifics are provided here.

CVE-2025-8325 Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

CVE-2025-8154

CVE-2025-8154 describes an HTTP header injection vulnerability in the Webhook API invocations causing headers to be injected/overwritten in responses. Affected products include multiple WSO2 offerings (e.g., API Manager, Universal Gateway, Traffic Manager, API Control Plane, Carbon API Gateway/Ma...

CVE-2025-8154 HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation

In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP...

[SECURITY] Fedora 43 Update: nextcloud-33.0.3-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

PT-2026-39720

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity versions prior to 2025.11.5 Description Authenticated users can cause the server API to be exposed to unauthorized access. Recommendations Update to version 2026.1 or later. Update...

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 had code vulnerabilities. These vulnerabilities stemmed from the bundled plugin setup parser, which loaded setup-api.js from process.cwd. This allowed attackers to execute...

PT-2026-39749

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...

PT-2026-39627

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description Local file inclusion LFI and server-side request forgery SSRF issues exist in the LLM API configuration endpoints. Authenticated users can read arbitrary server-side files by providing a path to the...

PT-2026-39903

Name of the Vulnerable Software and Affected Versions bird-lg-go versions prior to 1.4.5 Description The apiHandler and webHandlerTelegramBot functions process user-provided JSON payloads using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remo...

PT-2026-39567

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function OpenAPI list create of the component SMF. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informe...

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.14.1 contain security vulnerabilities. These vulnerabilities stem from the use of default file system permissions for the configuration directory and files of the daemon process. ...

JetBrains TeamCity 访问控制错误漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions of Outline prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the shares.create API, which accepted both collectionId and documentId. When published=false was set, only read access for each...

PT-2026-39717

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.4.1 Description An issue exists where master-password re-authentication is not required when retrieving or rotating an organization's SCIM API key. This allows an authenticated user with SCIM management...

PT-2026-39644

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...

PT-2026-39681

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX API HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization header...