
52229 matches found

Fedora
added 2026/02/11 1:0 a.m. | 2 views

[SECURITY] Fedora 42 Update: rust-jsonwebtoken-9.3.1-4.fc42

Create and decode JWTs in a strongly typed way...

7.5 CVSS | 5.5 AI score | 0.00042 EPSS
Exploits: 1
CNNVD
added 2026/02/11 12:0 a.m. | 5 views

Ajv JSON schema validator security vulnerability

Ajv JSON schema validator is an open-source JSON format verifier developed by Ajv. Versions of Ajv JSON schema validator prior to 8.17.1 contained a security vulnerability. This vulnerability arises from the possibility of a denial-of-service attack due to the use of the $data option, which may...

7.5 CVSS | 6.4 AI score | 0.00015 EPSS
Exploits: 1 | References: 6
Cvelist
added 2026/02/11 12:0 a.m. | 18 views

CVE-2025-69873

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp constructor without...

2.9 CVSS | 0.00015 EPSS
Exploits: 1 | References: 6
Positive Technologies
added 2026/02/11 12:0 a.m. | 3 views

PT-2026-7624

Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.11.8. Description: OpenMetadata is a unified metadata platform. Calls issued by the user interface against the /api/v1/ingestionPipelines API endpoint leak JSON Web Tokens (JWTs) used by the ingestion-bot for certa...

7.6 CVSS | 7.2 AI score | 0.00018 EPSS
Exploits: 1 | References: 11
Vulnrichment
added 2026/02/11 12:0 a.m. | 2 views

CVE-2025-69873

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp constructor without...

2.9 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 1 | References: 6
Positive Technologies
added 2026/02/11 12:0 a.m. | 1 views

PT-2026-7525

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.4 through 18.6.5; GitLab CE/EE versions 18.7 through 18.7.3; GitLab CE/EE versions 18.8 through 18.8.3. Description: An unauthenticated user could potentially cause a denial of service by exhausting memory or CPU resources...

7.5 CVSS | 5.4 AI score | 0.00037 EPSS
Exploits: 0 | References: 13
vulnersOsv
added 2026/02/11 12:0 a.m. | 8 views

1-sep-ui (>=0.0.1 <=0.0.2), 5e-quill-editor (=0.0.19) +5553 more potentially affected by CVE-2025-69873 via ajv (>=6.0.0 <=6.12.6)

ajv NPM version =6.0.0, =0.0.1, =1.0.23, =1.0.0, =0.0.2, =1.0.0, =0.0.10, =0.0.3, =1.0.6, =0.4.0, =0.0.1-bate.30, =0.0.1, =0.0.20, =0.0.65 and more Source cves: CVE-2025-69873 Source advisory: SNYK:JS-AJV-15274295...

7.5 CVSS | 6.6 AI score | 0.00015 EPSS
Exploits: 1
CNNVD
added 2026/02/11 12:0 a.m. | 4 views

Outline path traversal vulnerability

Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.4.0 contained a path traversal vulnerability. This vulnerability stemmed from insufficient validation of the attachments.key value during the JSON import process, which could allow attackers to read arbitra...

5.5 CVSS | 5.9 AI score | 0.00038 EPSS
Exploits: 1 | References: 2
UbuntuCve
added 2026/02/11 12:0 a.m. | 3 views

CVE-2026-0958

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits...

7.5 CVSS | 5.9 AI score | 0.00037 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2026/02/11 12:0 a.m. | 5 views

FreeBSD : Gitlab -- vulnerabilities (9d9940e7-071c-11f1-93ca-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9940e7-071c-11f1-93ca-2cf05da270f3 advisory. Gitlab reports: Incomplete Validation issue in Web IDE impacts GitLab CE/EE Denial of Service...

9.1 CVSS | 6.1 AI score | 0.00092 EPSS
Exploits: 0 | References: 17
Snyk
added 2026/02/11 12:0 a.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.npm:ajv is Another JSON Schema Validator. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper validation of the pattern keyword when combined with $data references. An attacker can cause the application to become...

8.2 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/02/10 1:43 p.m. | 3 views

CVE-2025-6967 Authentication Bypass in Sarman Soft's CMS

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure bu...

8.7 CVSS | 5.5 AI score | 0.00033 EPSS
Exploits: 0 | References: 2
CVE
added 2026/02/10 1:43 p.m. | 8 views

CVE-2025-6967

The CVE-2025-6967 entry concerns an Execution After Redirect (EAR) vulnerability in Sarman Soft CMS. Affected component: the CMS itself; the root cause is EAR that enables JSON Hijacking (JavaScript Hijacking) and Authentication Bypass. Impact as stated includes high confidentiality and integrity...

8.7 CVSS | 5.5 AI score | 0.00033 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/10 1:43 p.m. | 3 views

CVE-2025-6967

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure bu...

8.7 CVSS | 5.5 AI score | 0.00033 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/02/10 1:43 p.m. | 25 views

CVE-2025-6967 Authentication Bypass in Sarman Soft's CMS

Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass. This issue affects CMS: through 10022026. NOTE: The vendor was contacted early about this disclosure bu...

8.7 CVSS | 0.00033 EPSS
Exploits: 0 | References: 2
GithubExploit
added 2026/02/10 11:37 a.m. | 161 views

creepytrix

🔒 CREEPYTRIX - Bitrix Pentest Tool v1.1 ...

6.5 AI score
Exploits: 0
RedhatCVE
added 2026/02/10 7:33 a.m. | 3 views

CVE-2026-2215

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRETKEY results in use of default cryptographic key. The attack can be initiated...

6.3 CVSS | 5 AI score | 0.00044 EPSS
Exploits: 0 | References: 1
Fedora
added 2026/02/10 1:34 a.m. | 3 views

[SECURITY] Fedora 43 Update: rust-jsonwebtoken-9.3.1-4.fc43

Create and decode JWTs in a strongly typed way...

7.5 CVSS | 5.5 AI score | 0.00042 EPSS
Exploits: 1
CNNVD
added 2026/02/10 12:0 a.m. | 3 views

Sarman Soft CMS security vulnerability

Sarman Soft CMS is a content management system developed by the Turkish company Sarman Soft. Versions of Sarman Soft CMS prior to 10022026 contained security vulnerabilities. These vulnerabilities were due to redirection-based execution, which could lead to JSON hijacking and authentication...

8.7 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/10 12:0 a.m. | 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: osbuild-composer (UTSA-2026-005329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005329 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument...

7.5 CVSS | 8.2 AI score | 0.00083 EPSS
Exploits: 0 | References: 4