2459 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sfc: Fixed the TX channel offset when using legacy interrupts. In the legacy interrupt mode, the txchanneloffset was hardcoded to 1, but this is incorrect if efxsepparatetxChannels is set to false. In that case, the offset is 0...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ALSA: hda: Fixed an error related to the names of surround channels in version 9.1. The getlineoutpfx function may trigger an error due to overflowing a static array with more than 8 channels. This issue was reported on...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: sfc: fixed the issue where all channels had TX queues. Normally, all channels have both RX and TX queues. However, this is not true when modparam efxseparatetxchannels=1 is used. In such cases, some channels only have RX queue...
Astra Linux – Vulnerability in Chromium
Side-channel information leakage in keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iio: accel: sca3300: fixed uninitialized iio scan data Fixed the potential leakage of uninitialized stack data into the user space by ensuring that the channels array is cleared before use...
GHSA-29JH-8CFQ-RR8X ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components
Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...
ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components
Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...
PT-2026-50740
Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description A Server-Side Request Forgery SSRF issue exists in components that handle outgoing HTTP requests, specifically HTTP Notification Channels, OIDC BackChannel...
PT-2026-49771
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description An issue in internal and webchat command authentication allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. This enables attackers to send commands on affected...
CVE-2026-44786
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...
CVE-2026-44786
CVE-2026-44786 affects Discourse: versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1 allow chat events from public category channels to be published to MessageBus without proper permission scoping, enabling any MessageBus subscr...
CVE-2026-44786 Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...
CVE-2026-53646
creationtimestamp| type| source ---|---|--- 2026-06-12 11:00:12+00:00| published-proof-of-concept| Telegram/YXCyRYfB5puG4zVuSsqFt0CqpucG34vnwOdsG1DKfw8sOUE 2026-06-12 15:00:07+00:00| published-proof-of-concept| Telegram/ycLXaxSGB-ldONYQWC7S6J3lanIcH0nsjxJAaBzeM5ug0Y...
PT-2026-48983
Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description Chat events for public category channels are published to the MessageBus without permission scoping. This allows any MessageBus...
CVE-2026-47176
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...
EUVD-2026-36276
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...
CVE-2026-47176
CVE-2026-47176 affects the Quest Bot (open-source Discord bot) prior to version 1.0.4. The vulnerability arises in the logging module: a user who can configure bot settings can enable logging and select a logging channel they can read, which allows the bot to log deleted and edited message conten...
CVE-2026-47176 Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...
CLEANSTART-2026-WA48911 authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users
Multiple security vulnerabilities affect the percona-server-mongodb-operator package. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. See...
Quest Bot 信息泄露漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.4 contained an information leakage vulnerability. This vulnerability stemmed from the logging feature not restricting channel access, allowing configured users to...