CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

PT-2026-46270

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device owner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECT MANAGER witho...

Apache NiFi - Information Disclosure

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

EUVD-2026-33377

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

CVE-2026-49369

JetBrains YouTrack before 2026.1.13162 is affected by an information disclosure vulnerability on the Users and Groups pages. The issue is exposed in versions prior to 2026.1.13162; CVSS 3.1 base score 4.3 (Medium). No root-cause or exploit details are provided in the documents. The fix is to upgr...

CVE-2026-49369

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages...

PT-2026-44949

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.1.13162 Description An information disclosure issue exists on the Users and Groups pages. Recommendations Update to version 2026.1.13162...

Information Security in Small-Scale Protests: Surveillance of Ugandan Anti-EACOP Protesters

We examine the information security practices of Ugandan climate activists protesting the development of the East African Crude Oil Pipeline EACOP. We conducted five-week fieldwork in Kampala, Uganda, which included interviews with 13 anti-EACOP activists. Through an inductive analysis, we report...

EUVD-2026-32598

Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...

CVE-2026-46425

Budibase contains a SCIM authorization flaw prior to version 3.38.2: the SCIM router (packages/worker/src/api/routes/global/scim.ts) attaches only requireSCIM and doInScimContext middlewares, with no role check. This allows any authenticated user (including BASIC role) who reaches the worker to p...

CVE-2026-45934

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

UBUNTU-CVE-2026-45934

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

CVE-2026-45934

CVE-2026-45934 – Linux kernel/Btrfs issue : A vulnerability in Btrfs chunk allocation caused an EEXIST abort when non-consecutive gaps appeared during forced DUP chunk allocations, leading to a transaction abort with “Object already exists.” The problem manifests in btrfs_create_pending_block_gro...

CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

EUVD-2026-32161

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

PT-2026-43801

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insert dev extents in btrfs create pending block groups. The following is a sample stack trace of such ...