CVE-2026-7798

The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.9.87 via the 'SubscribeURL' parameter. This makes it possible for...

Unlocking Apple's Private Cloud Compute: An Analysis of Privacy-Preserving Artificial Intelligence

Many existing Artificial Intelligence AI solutions on mobile devices rely on an extensive collection of sensitive data, raising privacy concerns and often requiring storage for both context and model improvement. Apple's Private Cloud Compute PCC aims to address this by emphasizing mobile device...

CVE-2026-42206 Roadiz OpenID Connect nonce generated but never validated — ID token replay attack

Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never...

OpenID Connect nonce generated but never validated — ID token replay attack

Summary The roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerator::generate and includes it in the authorization request sent to the identity provider, but never stores it and never validates it on the callback. The OpenIdJwtConfigurationFactory validation chain does not include a...

CVE-2026-28787 OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay

OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication implementation does not store the challenge on the server side. Instead, the challenge is returned to the client and accepted back from the client request body during...

CVE-2026-28787

OneUptime WebAuthn 2FA bypass: server does not store the authentication challenge, accepting a client-supplied challenge during verification. This allows an attacker who has a valid WebAuthn assertion (from password compromise, XSS, MITM, or log exposure) to replay the assertion indefinitely, byp...

DRUPAL-CORE-2025-007

By generating and tricking a user into visiting a malicious URL, an attacker can perform site defacement. The defacement is not stored and is only present when the URL has been crafted for that purpose. Only the defacement is present, so no other site content such as branding is rendered...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereferencing in msmdispstateprint regs. If the allocation in msmdispstatedump regs fails, block-state can become NULL. The msmdispstateprint regs function includes code to handle this situation: c if reg...

AZL-53385 CVE-2024-50156 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msmdispstateprintregs If the allocation in msmdispstatedumpregs failed then block-state can be NULL. The msmdispstateprintregs function does have code to try to handle it with: if reg dumpaddr =...

DEBIAN-CVE-2024-50156

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msmdispstateprintregs If the allocation in msmdispstatedumpregs failed then block-state can be NULL. The msmdispstateprintregs function does have code to try to handle it with: if reg dumpaddr =...

AZL-53268 CVE-2024-50156 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msmdispstateprintregs If the allocation in msmdispstatedumpregs failed then block-state can be NULL. The msmdispstateprintregs function does have code to try to handle it with: if reg dumpaddr =...

UBUNTU-CVE-2024-50156

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msmdispstateprintregs If the allocation in msmdispstatedumpregs failed then block-state can be NULL. The msmdispstateprintregs function does have code to try to handle it with: if reg dumpaddr =...

CVE-2024-50156 drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msmdispstateprintregs If the allocation in msmdispstatedumpregs failed then block-state can be NULL. The msmdispstateprintregs function does have code to try to handle it with: if reg dumpaddr =...

quarkus-oidc: ID and access tokens leak via the authorization code flow

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

CVE-2023-1584

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provide...

CVE-2022-1706

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data...