USN-8360-1 sslh vulnerability

It was discovered that sslh did not properly handle symbolic links when writing its PID file. A local attacker could possibly use this issue to overwrite arbitrary files...

USN-8360-1: sslh vulnerability

It was discovered that sslh did not properly handle symbolic links when writing its PID file. A local attacker could possibly use this issue to overwrite arbitrary files...

USN-8055-2: Evolution Data Server vulnerability

USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly us...

USN-8055-2 evolution-data-server vulnerability

USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly us...

Missing Authorization

Overview @vitest/ui is an UI for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connecting to an exposed...

SUSE-SU-2026:21883-1 Security update for qemu

This update for qemu fixes the following issues - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption bsc1256484. - CVE-2026-2243: incorrect bounds check leads to heap...

Advisory ROSA-SA-2026-3309

CVE-ID: CVE-2014-9636 BDU-ID: None CVE-Crit: MEDIAN CVE-DESC.: The vulnerability in unzip 6.0 allows a remote attacker to cause a service failure reading or writing beyond the buffer and crashing the process through a specially created ZIP archive with an incorrect Extra-field size. CVE-STATUS: T...

SUSE-SU-2026:21944-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...

CVE-2026-40547 Path Traversal in SOPlanning

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

Your phone called. It needs a cleanup.

Does it sometimes take your phone a few minutes to accomplish one simple task? That can be wildly frustrating. But you’re in luck, because we’ve got a free tool that scans your phone for leftover files, temporary data, outdated caches and helps you clean up all that junk. Introducing our Junk...

Banana-slides path traversal vulnerability

banana-slides is an AI-based PPT generation application developed by Anion. Versions of banana-slides 0.4.0 and earlier have a path traversal vulnerability. This vulnerability stems from a path traversal issue in the AI service’s backend function, generateimage. Due to the use of os.path.startswi...

NextCloud Server Access Control Vulnerability

NextCloud Server is an open-source NextCloud server program. Versions of NextCloud Server from 32.0.0 to 32.0.9 and from 33.0.0 to 33.0.3 had a access control vulnerability due to improper sharing token access controls. This vulnerability could allow malicious users to access temporarily uploaded...

PT-2026-45527

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 32.0.0 through 32.0.1 Nextcloud Server versions 33.0.0 through 33.0.0 Nextcloud Enterprise Server versions prior to 31.0.14.4 Nextcloud Enterprise Server versions 32.0.0 through 32.0.1 Nextcloud Enterprise Server...

NextCloud Android app authorization issue vulnerability

The Nextcloud Android app is a mobile application developed by the German company Nextcloud, designed for accessing Nextcloud servers on the Android platform. In versions 33.0.0 to 33.1.0 of the Nextcloud Android app, there was an authorization vulnerability. This vulnerability occurred when...

CVE-2025-60485

GPAC MP4Box contains a segmentation fault in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) that can crash the process when parsing a crafted MP4 file, affecting versions before 26.02.0. The issue is a DoS vulnerability caused by a fault in tag handling. The available references c...

CodexBar security vulnerabilities

CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from the handling of insecure temporary files during the publication of workflows, which could allow...

PT-2026-45475

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

PT-2026-45531

Name of the Vulnerable Software and Affected Versions Nextcloud versions 4.3.0 through 5.2.6 Description A removed collaborator retains unauthorized read access to uploaded respondent files for an affected form. This access is limited to uploaded files for forms where the user previously possesse...

PT-2026-45360

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

NextCloud Files approval information leakage vulnerability

NextCloud Files Approval is an open-source file approval software developed by NextCloud. Versions of NextCloud Files Approval prior to version 2.7.2 had a vulnerability related to information leakage. This vulnerability stemmed from a lack of permission checks, allowing authenticated users to...