12486 matches found
Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrust...
RHSA-2026:26460 Red Hat Security Advisory: 389-ds:1.4 security update
Bulletin has no description...
Security Bulletin: The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities.
Summary The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabiltiies CVE-2026-29146, CVE-2026-34487, CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-32990, CVE-2026-34483, CVE-2026-34500, CVE-2026-41284, CVE-2026-41293,...
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...
TYPO3 CMS has Broken Access Control in the Recycler Module
Problem Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits...
TYPO3 CMS: Broken Access Control in Media Module
Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS,...
Security update for hplip
This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. CVE-2026-8631: escalation of privileges and/or arbitrary...
Security update for elemental-system-agent (important)
openSUSE security update: security update for elemental-system-agent ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20924-1 Rating: important References: bsc1260277 Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1...
chromedriver-149.0.7827.53-2.1 on GA media (moderate)
chromedriver-149.0.7827.53-2.1 on GA media Announcement ID: openSUSE-SU-2026:10958-1 Rating: moderate Cross-References: CVE-2026-10881 CVE-2026-10882 CVE-2026-10883 CVE-2026-10884 CVE-2026-10885 CVE-2026-10886 CVE-2026-10887 CVE-2026-10888 CVE-2026-10889 CVE-2026-10890 CVE-2026-10891 CVE-2026-108...
CVE-2026-28965
A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted content from the lock screen...
CVE-2026-0259
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...
[SECURITY] Fedora 43 Update: rust-sequoia-wot-0.15.2-1.fc43
An implementation of OpenPGP's web of trust...
Security Update for Microsoft Visual Studio Code Nx-Console Extension (CVE-2026-48027)
The Microsoft Visual Studio Code Nx-Console Extension is version 18.95.0. It is, therefore, affected by an embedded malicious code vulnerability. The compromised extension fetched an obfuscated payload that could harvest credentials from multiple sources on disk and in memory. Note that Nessus ha...
EUVD-2025-210052
SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...
CVE-2026-45372
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check isfieldvalue is run before decoding, so encode...
[SECURITY] Fedora 43 Update: perl-Sereal-Decoder-5.005-1.fc43
This library implements a deserializer for an efficient, compact-output, and feature-rich binary protocol called Sereal...
[SECURITY] Fedora 43 Update: perl-Sereal-Encoder-5.005-1.fc43
This library implements an efficient, compact-output, and feature-rich serializer using a binary protocol called Sereal...
openSUSE 16 Security Update : cups (openSUSE-SU-2026:20812-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20812-1 advisory. This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. -...
Jupyter Server vulnerable to open redirect
Overview Jupyter Server provided by Jupyter Development Team contains the vulnerability listed below. Open redirect CWE-601 - CVE-2025-61669 Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA and the developer. JPCERT/CC coordinated with the developer to publish t...
[SECURITY] Fedora 44 Update: rrdtool-1.9.0-11.fc44
RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...