Linux Distros Unpatched Vulnerability : CVE-2025-13874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

GHSA-CHQV-VRJ7-QFFP NocoDB: Shared-base link access can invite arbitrary users as persistent base members

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

Astra Linux - уязвимость в nodejs

Certain build processes for libuv and Node.js for 32-bit systems, such as the nodejs binary package through nodejs20.19.0+dfsg-2i386.deb for Debian GNU/Linux, have inconsistent offt size settings. For example, when building on the i386 architecture for Debian GNU/Linux, FILEOFFSETBITS=64 is alway...

CVE-2026-42526

The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...

CLSA-2026-1778674879 opensc: Fix of CVE-2024-45619

CVE-2024-45619: fix incorrect access of initialized parts of partially filled buffers triggered by crafted APDU responses from USB devices or smart cards...

EUVD-2025-209797

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox...

CVE-2025-43524

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox...

PT-2026-38352

Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8...

CVE-2026-33420

Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...

CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

CVE-2025-70023

An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6...

CVE-2026-40446

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

EUVD-2026-20556

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...

CVE-2026-28736

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...

CVE-2025-71281

XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations...

BIT-DISCOURSE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No...

CVE-2026-28844

A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system...

CVE-2026-32267

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...

CVE-2026-28844

A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system...

CVE-2026-20701

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent...