GHSA-7CX3-2QX2-3G6W phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags

Summary The TagController::delete endpoint at DELETE /admin/api/content/tags/tagId only verifies that the user is logged in userIsAuthenticated, but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. This contrasts with...

phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags

Summary The TagController::delete endpoint at DELETE /admin/api/content/tags/tagId only verifies that the user is logged in userIsAuthenticated, but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. This contrasts with...

EUVD-2026-27860

A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller CNC and Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected system. This vulnerability is due to an inadequate...

CVE-2026-43138

A flaw was found in the Linux kernel. A local user could exploit a vulnerability in the GPIO General Purpose Input/Output reset controller by unbinding a dynamically created device through the sysfs a virtual filesystem providing an interface to kernel data structures interface. This improper...

Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure

Summary AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking whether the requesting user has viewAssets or viewPeerAssets permission ...

CVE-2026-20188

Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...

CVE-2026-20188 Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory

Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...

CVE-2026-20188 Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory

Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...

CVE-2026-20188

Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...

CVE-2026-20188

Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) are affected by a denial-of-service (DoS) condition due to an inadequate rate-limiting implementation on the connection-handling mechanism. An unauthenticated remote attacker can overwhelm the system with a hig...

Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory

Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...

EUVD-2026-27830

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVE-2026-8027

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVE-2026-8027 FlowiseAI Flowise User Controller authorization

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVE-2026-8027

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVE-2026-8027 FlowiseAI Flowise User Controller authorization

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated...

CVE-2026-43281

In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fwmboxindexxlate Although it is guided that mbox-cells must be at least 1, there are many instances of mbox-cells = ; in the device tree. If that is the case and the corresponding mailbox...

CVE-2026-43181

In the Linux kernel, the following vulnerability has been resolved: gpio: sysfs: fix chip removal with GPIOs exported over sysfs Currently if we export a GPIO over sysfs and unbind the parent GPIO controller, the exported attribute will remain under /sys/class/gpio because once we remove the pare...

CVE-2026-43281

In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fwmboxindexxlate Although it is guided that mbox-cells must be at least 1, there are many instances of mbox-cells = ; in the device tree. If that is the case and the corresponding mailbox...

CVE-2026-43281 mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()

In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fwmboxindexxlate Although it is guided that mbox-cells must be at least 1, there are many instances of mbox-cells = ; in the device tree. If that is the case and the corresponding mailbox...