
219661 matches found

Vulnrichment
added 2026/05/11 2:35 p.m., 10 views

CVE-2026-34086 AbuseFilter misuses ::userCanBitfield, exposing access-controlled information

Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from before 1.43.7, 1.44.4, 1.45.2...

CVSS 2.1, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 1
Snyk
added 2026/05/11 2:28 p.m., 15 views

External Control of File Name or Path

Overview: Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...

CVSS 7.1, AI score 6, EPSS 0.00345
Exploits: 1, References: 2
SUSE CVE
added 2026/05/11 2:14 p.m., 6 views

SUSE CVE-2026-43306

In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type. With CONFIG_CFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type...

AI score 5.7, EPSS 0.00122
Exploits: 0, References: 3
SUSE CVE
added 2026/05/11 2:13 p.m., 10 views

SUSE CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl do not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

CVSS 7.5, AI score 5.8, EPSS 0.00311
Exploits: 0, References: 4
Snyk
added 2026/05/11 2:5 p.m., 8 views

Missing Authorization

Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid process. An attacker can modify messages authored by other users by sending a request to the message update endpoint with only read permissions in a standard...

CVSS 7.1, AI score 5.8, EPSS 0.00277
Exploits: 1, References: 2
OSV
added 2026/05/11 2:5 p.m., 13 views

GHSA-JGJ3-R8HR-9PJW Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission

Vulnerability Description In standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read permission only. When accesscontrol is set to None, the authorization check hasaccess...,...

CVSS 6.5, AI score 5.7, EPSS 0.00277
Exploits: 1, References: 3
Microsoft CVE
added 2026/05/11 2:0 p.m., 8 views

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

CVSS 7.4, AI score 5.8, EPSS 0.00652
Exploits: 0
OSV
added 2026/05/11 12:12 p.m., 13 views

USN-8200-3 linux-raspi, linux-raspi-5.4 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

CVSS 7.8, AI score 5.9, EPSS 0.00255
Exploits: 0, References: 6
Ubuntu
added 2026/05/11 12:12 p.m., 20 views

USN-8200-3: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

CVSS 7.8, AI score 5.9, EPSS 0.00255
Exploits: 0
OSV
added 2026/05/11 10:23 a.m., 6 views

CLSA-2026-1778495013 subversion: Fix of CVE-2024-46901

CVE-2024-46901: fix mod_dav_svn denial-of-service via control characters in paths...

CVSS 4.3, AI score 5.8, EPSS 0.01905
Exploits: 1, References: 1
NVD
added 2026/05/11 10:16 a.m., 24 views

CVE-2025-8325

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

CVSS 8.8, EPSS 0.00174
Exploits: 0, References: 1
Cvelist
added 2026/05/11 9:37 a.m., 69 views

CVE-2025-8325 Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

CVSS 6.3, EPSS 0.00174
Exploits: 0, References: 1
CVE
added 2026/05/11 9:37 a.m., 20 views

CVE-2025-8325

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2025-8325; current sources describe an RBAC bypass affecting Gateway and Internal Service APIs in WSO2 products, but no concrete technical specifics are provided here.

CVSS 8.8, AI score 5.8, EPSS 0.00174
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/05/11 4:30 a.m., 9 views

CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

CVSS 5.8, AI score 5.7, EPSS 0.04544
Exploits: 1, References: 6, Affected Software: 1
Vulnrichment
added 2026/05/11 2:0 a.m., 8 views

CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

CVSS 5.8, AI score 5.6, EPSS 0.04554
Exploits: 1, References: 5
CNNVD
added 2026/05/11 12:0 a.m., 7 views

OpenClaw Security Vulnerability

OpenClaw is an open-source artificial intelligence assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypass in the Control UI bootstrapping endpoint, allowing unauthenticated attackers to...

CVSS 6.3, AI score 5.8, EPSS 0.00317
Exploits: 0, References: 1
CNNVD
added 2026/05/11 12:0 a.m., 7 views

JetBrains TeamCity Access Control Error Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1 an...

CVSS 8.2, AI score 5.9, EPSS 0.00258
Exploits: 0, References: 1
CNNVD
added 2026/05/11 12:0 a.m., 11 views

D-Link DCS-932L Security Vulnerability

The D-Link DCS-932L is a network surveillance camera from D-Link Corporation. It is used for security and monitoring purposes. The D-Link DCS-932L version 2.18.01 has a security vulnerability. This vulnerability stems from improper handling of the parameter LightSensorControl by the function...

CVSS 7.3, AI score 5.8, EPSS 0.01235
Exploits: 1, References: 2
CNNVD
added 2026/05/11 12:0 a.m., 6 views

WSO2 Multiple Products Security Vulnerability

WSO2 API Manager, among others, are products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 API Control Plane is a control panel. WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 products have securi...

CVSS 8.8, AI score 5.8, EPSS 0.00174
Exploits: 0, References: 1
Positive Technologies
added 2026/05/11 12:0 a.m., 10 views

PT-2026-39683

OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Attackers can access the bootstrap config route without a valid Gateway token to expose sensitive...

CVSS 6.3, AI score 5.8, EPSS 0.00317
Exploits: 0, References: 4