
5057 matches found

CVE
added 2026/03/06 12:0 a.m. | 14 views

CVE-2025-69653

CVE-2025-69653 affects QuickJS: when using the qjs interpreter with the -m option, a crafted JavaScript input can trigger an internal assertion in gc_decref_child (quickjs.c), causing an abort (SIGABRT) during garbage collection and a denial‑of‑service. The issue is fixed in commit 1dbba8a88eaa40...

CVSS 6.5 | AI score 5.8 | EPSS 0.00058
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/03/06 12:0 a.m. | 3 views

CVE-2025-69653

A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13 (fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6, 2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads to an abort (SIGABRT)...

AI score 5.8 | EPSS 0.00058
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/06 12:0 a.m. | 2 views

PT-2026-23742

Name of the Vulnerable Software and Affected Versions: QuickJS versions prior to 2025-12-11. Description: A specially crafted JavaScript input can cause an internal assertion failure within QuickJS. This occurs in the gc_decref_child function of the quickjs.c file when the QuickJS interpreter qjs is...

CVSS 6.5 | AI score 5.8 | EPSS 0.00058
Exploits: 1 | References: 8

Tenable Nessus
added 2026/03/06 12:0 a.m. | 3 views

NewStart CGSL MAIN 6.06 (SP) : gcc Vulnerability (NS-SA-2026-0008)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has gcc packages installed that are affected by a vulnerability: - The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the...

CVSS 7.5 | AI score 5.9 | EPSS 0.00537
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/05 1:57 a.m. | 2 views

CVE-2026-0869

Authentication bypass in Brocade ASCG 3.4.0 could allow an unauthorized user to perform ASCG operations related to Brocade Support Link (BSL) and streaming configuration, and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric...

CVSS 8.8 | AI score 6.3 | EPSS 0.00038
Exploits: 0 | References: 1

NVD
added 2026/03/04 10:16 p.m. | 4 views

CVE-2026-27803

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue...

CVSS 8.3 | EPSS 0.0006
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/04 9:40 p.m. | 5 views

CVE-2026-27803

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue...

CVSS 8.3 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/04 9:40 p.m. | 28 views

CVE-2026-27803 Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue...

CVSS 8.3 | EPSS 0.0006
Exploits: 0 | References: 1

OSV
added 2026/03/04 9:40 p.m. | 4 views

CVE-2026-27803 Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue...

CVSS 8.3 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/04 9:40 p.m. | 3 views

CVE-2026-27803 Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue...

CVSS 8.3 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 1

CVE
added 2026/03/04 9:40 p.m. | 8 views

CVE-2026-27803

Vaultwarden (Rust-based Bitwarden-compatible server) contains an access-control flaw prior to version 1.35.4: an authenticated Manager with manage=false for a collection can still perform various management operations on that collection. The issue stems from the authorization check using can_acce...

CVSS 8.3 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/03/04 8:13 p.m. | 2 views

EUVD-2026-9503

Vaultwarden's Collection Management Operations Allowed Without manage Verification for Manager Role...

CVSS 8.3 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 1

Github Security Blog
added 2026/03/04 8:13 p.m. | 4 views

Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role

Summary: Testing confirmed that even when a Manager has manage=false for a given collection, they can still perform the following management operations as long as they have access to the collection: PUT /api/organizations//collections/ succeeds HTTP 200 PUT /api/organizations//collections//users...

CVSS 8.3 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/03/04 8:13 p.m. | 3 views

GHSA-H4HQ-RGVH-WH27 Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role

Summary: Testing confirmed that even when a Manager has manage=false for a given collection, they can still perform the following management operations as long as they have access to the collection: PUT /api/organizations//collections/ succeeds HTTP 200 PUT /api/organizations//collections//users...

CVSS 8.3 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/04 8:7 p.m. | 3 views

Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager

Summary: A Manager account (access_all=false) was able to escalate privileges by directly invoking the bulk-access API against collections that were not originally assigned to them. The API allowed changing assigned=false to assigned=true, resulting in unauthorized access. Additionally, prior to the...

CVSS 8.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/03/04 5:33 a.m. | 1 view

MINI-VJJW-VW7W-WJPX

Bulletin has no description...

CVSS 5.8 | AI score 6.7 | EPSS 0.00016
Exploits: 0

SUSE CVE
added 2026/03/04 12:29 a.m. | 3 views

SUSE CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

CVSS 5.3 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/04 12:0 a.m. | 3 views

FreeBSD : Firefox -- Multiple vulnerabilities (1124a7b0-1338-11f1-a55d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1124a7b0-1338-11f1-a55d-b42e991fc52e advisory. CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147 CVE-2026-2806:...

CVSS 9.8 | AI score 7.5 | EPSS 0.00064
Exploits: 2 | References: 13

Positive Technologies
added 2026/03/04 12:0 a.m. | 2 views

PT-2026-23072

Name of the Vulnerable Software and Affected Versions: Vaultwarden versions prior to 1.35.4. Description: Vaultwarden, a Bitwarden compatible server, had a flaw where a Manager with limited permissions (manage=false) for a specific collection could still perform management operations like updating...

CVSS 8.3 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 11

EUVD
added 2026/03/03 10:14 p.m. | 3 views

EUVD-2026-9330

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...

CVSS 4.5 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 1