
24 matches found

Tenable Nessus
added 2026/06/12 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain...

CVSS 4.3 · AI score 5.7 · EPSS 0.00182
Exploits 0 · References 2

NVD
added 2026/06/11 12:16 p.m. · 9 views

CVE-2026-6277

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even whe...

CVSS 4.3 · EPSS 0.00182
Exploits 0 · References 3

EUVD
added 2026/06/11 10:20 a.m. · 10 views

EUVD-2026-36230

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even whe...

CVSS 4.3 · AI score 5.5 · EPSS 0.00182
Exploits 0 · References 3

CVE
added 2026/06/11 10:20 a.m. · 47 views

CVE-2026-6277

GitLab EE contains an incorrect authorization issue (CVE-2026-6277) that could allow an authenticated user with Security Manager permissions to manage project security configuration even when the feature was disabled. Affects GitLab EE versions: 13.9 prior to 18.10.8, 18.11 prior to 18.11.5, and ...

CVSS 4.3 · AI score 5.5 · EPSS 0.00182
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2026/05/28 3:27 a.m. · 10 views

CVE-2026-9791 Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

CVSS 4.3 · AI score 5.7 · EPSS 0.00196
Exploits 0 · References 4

Snyk
added 2026/05/28 3:8 a.m. · 2 views

Incorrect Authorization

Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the user-facing APIs when the Organizations feature is disabled. An...

CVSS 7.1 · AI score 5.5 · EPSS 0.00196
Exploits 0 · References 2

EUVD
added 2026/04/23 4:0 a.m. · 6 views

EUVD-2026-25174

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 · AI score 6.6 · EPSS 0.36512
Exploits 8 · References 5

Vulnrichment
added 2025/11/04 6:20 a.m. · 3 views

CVE-2025-20732

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege when OceReducedNeighborReport is disabled. User interaction is not needed for exploitation...

AI score 6.3 · EPSS 0.00103
Exploits 0 · References 1

Positive Technologies
added 2025/10/08 12:0 a.m. · 6 views

PT-2025-41231

Name of the Vulnerable Software and Affected Versions JhumanJ OpnForm versions up to 1.9.3 Description A flaw exists in JhumanJ OpnForm up to version 1.9.3, specifically within the Form Editor component. This issue involves manipulation of the /api/open/forms/ file, leading to cross site scriptin...

CVSS 4.8 · AI score 2.5 · EPSS 0.00266
Exploits 1 · References 8

ICS
added 2025/03/20 12:0 a.m. · 7 views

CentralSquare eTRAKiT.Net SQL injection vulnerability

RISK EVALUATION eTRAKiT is a public online portal that provides the public with easily accessible information related to permits, projects, licenses, code compliance, land, and inspections. An SQL injection vulnerability in the CRM feature of eTRAKiT.net release 3.2.1.77 allows a remote,...

CVSS 9.8 · AI score 8.3 · EPSS 0.00528
Exploits 0 · References 1

CNNVD
added 2025/02/04 12:0 a.m. · 3 views

Discourse Security Vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as community, email, and chat rooms. Discourse suffers from a security vulnerability that stems from the fact that users may still be contacted under certain circumstances eve...

CVSS 4.3 · AI score 6.5 · EPSS 0.00265
Exploits 0 · References 2

Vulnrichment
added 2024/12/13 8:53 p.m. · 8 views

CVE-2024-55946 Playloom Engine Data Storage Vulnerability

Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have access to personal information you have...

CVSS 8.7 · AI score 6.9 · EPSS 0.00378
Exploits 0 · References 1

Citrix
added 2024/11/19 12:0 a.m. · 16 views

Netscaler Gateway: ERR_CONNECTION_RESET when Accessing Gateway Vserver

When accessing Netscaler Gateway, we see ERR_CONNECTION_RESET on the browser. Further, when we take a packet capture on Netscaler, we can see the Netscaler resetting the connection with Reset Code Window 9821. Further on checking the reason for this reset, we can understand this is due to the SSL...

AI score 7.2
Exploits 0

CNNVD
added 2024/09/04 12:0 a.m. · 3 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a SIE validity issue that may be encountered when GISA is disabled...

CVSS 5.5 · AI score 6.4 · EPSS 0.00211
Exploits 0 · References 5

Positive Technologies
added 2024/05/27 12:0 a.m. · 5 views

PT-2024-40103 · Osv · Osv

Name of the Vulnerable Software and Affected Versions: OSV affected versions not specified Description: The issue concerns the behavior of the "remember me" function when it is disabled by the developer. If a user had previously logged in with the "remember me" box checked, any pre-existing cooki...

CVSS 3.1 · AI score 6.8
Exploits 0 · References 8

Citrix
added 2023/11/29 12:0 a.m. · 7 views

App protection setup issue

Error in configuring App Protection using the following guide: https://docs.citrix.com/en-us/tech-zone/learn/poc-guides/app-protection-policies.html. When running the below commandlet to enable app protection: Set-BrokerDesktopGroup -Name Applicationprotection - $true Error is displayed saying th...

AI score 7
Exploits 0

Prion
added 2023/01/14 1:15 a.m. · 14 views

Remote code execution

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...

CVSS 6.5 · AI score 8.9 · EPSS 0.01495
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/01/14 12:40 a.m. · 40 views

CVE-2022-41956 Autolab is vulnerable to file disclosure via remote handin feature

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature,...

CVSS 6.5 · AI score 6.8 · EPSS 0.01768
Exploits 0 · References 3

OSV
added 2023/01/14 12:40 a.m. · 34 views

CVE-2022-41956 Autolab is vulnerable to file disclosure via remote handin feature

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature,...

CVSS 6.5 · AI score 6.5 · EPSS 0.01768
Exploits 0 · References 5

Positive Technologies
added 2021/11/26 12:0 a.m. · 6 views

PT-2021-20956 · Hitachi Energy · Rtu500 Series Cmu Firmware

Name of the Vulnerable Software and Affected Versions: Hitachi Energy RTU500 series CMU Firmware version 12.0. Hitachi Energy RTU500 series CMU Firmware version 12.2. Hitachi Energy RTU500 series CMU Firmware version 12.4. Description: The issue is related to an Improper Input Validation...

CVSS 7.5 · AI score 7.3 · EPSS 0.0092
Exploits 0 · References 5