47 matches found

OSV
added last week, 2 views

DEBIAN-CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1

CVE
added 2026/05/22 7:32 p.m., 23 views

CVE-2026-40598

CVE-2026-40598 affects MantisBT (Mantis Bug Tracker). In versions 2.28.1 and earlier, improper escaping of the redirection page (constructed from the Referer header) allows an attacker to inject HTML, which can lead to cross-site scripting (XSS) in certain server configurations where the cache is...

CVSS 6.9 | AI score 5.3 | EPSS 0.00059
Exploits: 0 | References: 3

Cvelist
added 2026/05/22 7:32 p.m., 5 views

CVE-2026-40598 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

CVSS 6.9 | EPSS 0.00059
Exploits: 0 | References: 3

Vulnrichment
added 2026/05/22 7:32 p.m., 4 views

CVE-2026-40598 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode...

CVSS 6.9 | AI score 5.3 | EPSS 0.00059
Exploits: 0 | References: 3

OSV
added 2026/05/11 7:35 p.m., 2 views

GHSA-6JH4-47V2-4G37 MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...

CVSS 6.9 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 4

Github Security Blog
added 2026/05/11 7:35 p.m., 4 views

MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page

Improper escaping of the redirection page retrieved from the request's Referer header allows an attacker to inject HTML. While this is generally not directly actionable as modern browsers will URL-encode special characters, on some specific server configurations this could poison the cache, leadi...

CVSS 6.9 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 4 | Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fixed the issue where blk_mq_tags double-free memory when nr_requests increases. In cases where user-triggered tags increase due to the nr_requests attribute in the queue sysfs, hctx->sched_tags will be directly freed and...

AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 2

CVE
added 2026/04/03 10:37 p.m., 2 views

CVE-2026-34788

Emlog vulnerability CVE-2026-34788 affects the core SQL layer in tag_model.php (updateTagName()). In versions up to 2.6.2, the function directly interpolates user input into SQL without parameterized queries or proper escaping, enabling SQL injection. Impact is high for confidentiality and integr...

CVSS 6.5 | AI score 5.9 | EPSS 0.00011
Exploits: 1 | References: 1 | Affected Software: 1

SUSE Linux
added 2025/12/18 8:49 a.m., 1 views

Security update 5.1.1.1 for Multi-Linux Manager Client Tools

This update fixes the following issues: grafana was updated from version 11.5.7 to 11.5.10: Security issues fixed: CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fix parsing HTML documents version 11.5.10 bsc12514...

CVSS 8.2 | AI score 9 | EPSS 0.00067
Exploits: 1 | References: 22

OSV
added 2025/12/18 8:49 a.m., 2 views

SUSE-SU-2025:4444-1 Security update 5.1.1.1 for Multi-Linux Manager Client Tools

This update fixes the following issues: grafana was updated from version 11.5.7 to 11.5.10: - Security issues fixed: CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fixed parsing HTML documents version 11.5.10...

CVSS 8.8 | AI score 7.3 | EPSS 0.00067
Exploits: 1 | References: 10

Vulnrichment
added 2025/12/13 4:31 a.m., 1 views

CVE-2025-13093 Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/devs-crm/v1/bulk-update' REST-API endpoint in all versions up to, and including, 1.1.8. This makes it possible...

CVSS 5.3 | AI score 5 | EPSS 0.00119
Exploits: 0 | References: 2

Patchstack
added 2025/12/13 1:4 a.m., 6 views

WordPress Devs CRM – Manage tasks, attendance and teams all together plugin <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update vulnerability

Missing Authorization to Unauthenticated Lead Tag Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Devs CRM versions <= 1.1.8...

CVSS 5.3 | AI score 6.8 | EPSS 0.00119
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2025/10/16 11:24 p.m., 1 views

SUSE CVE-2025-39999

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tags, see blk_mq_tag_update_dept...

CVSS 5.5 | AI score 6.4 | EPSS 0.00024
Exploits: 0 | References: 3

NVD
added 2025/10/15 8:15 a.m., 4 views

CVE-2025-39999

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tags, see blk_mq_tag_update_dept...

EPSS 0.00024
Exploits: 0 | References: 3

OSV
added 2025/10/15 8:15 a.m., 0 views

UBUNTU-CVE-2025-39999

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tags, see blk_mq_tag_update_dept...

AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 6

OSV
added 2025/10/15 7:58 a.m., 3 views

CVE-2025-39999 blk-mq: fix blk_mq_tags double free while nr_requests grown

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tags, see blk_mq_tag_update_dept...

AI score 6.3 | EPSS 0.00024
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-46069

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00279
Exploits: 2 | References: 2

OpenVAS
added 2025/05/29 12:0 a.m., 13 views

Ubuntu: Security Advisory (USN-7541-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.2 | EPSS 0.00043
Exploits: 1 | References: 2

OpenVAS
added 2025/05/02 12:0 a.m., 8 views

Debian: Security Advisory (DSA-5914-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8 | EPSS 0.00195
Exploits: 1 | References: 2

OpenVAS
added 2025/04/17 12:0 a.m., 8 views

Mozilla Thunderbird Security Update (mfsa_2025-26) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 6.4 | AI score 6.3 | EPSS 0.00106
Exploits: 0 | References: 1