35 matches found
UBUNTU-CVE-2026-10722
A vulnerability has been found in cilium ebpf up to 0.21.0. This affec...
Astra Linux - vulnerability in opensc
The Oberthur smart card software driver in OpenSC before version 0.21.0-rc1 has a heap-based buffer overflow in the sc_oberthur_read_file function...
GHSA-VW82-7FV8-R6GP Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server
Summary: If you have the MCP Server ID, you can connect to the MCP server even if you don't have permissions to the server. The MCP gateway endpoint /mcp-connect/mcpid does not enforce Access Control Rules (ACRs). Any authenticated Obot user who possesses an MCP Server ID can connect to that server...
CVE-2026-32116
Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...
CVE-2026-22249
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...
CVE-2026-22249
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there is no validation on filename. This vulnerability ...
[SECURITY] Fedora 42 Update: tuxanci-0.21.0-26.fc42
Tuxanci is a first Tux shooter game supporting single player and multi-player modes both on a single computer and over the network...
CVE-2024-41659
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...
EUVD-2020-19116
Malware in sbrugna...
CVE-2025-54374
Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a...
CVE-2025-54374 Eidos: One-click Remote Code Execution through Custom URL Handling
Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a...
Eidos security vulnerability
Eidos is an extensible framework for personal data management by Mayne Personal Developers. A security vulnerability exists in Eidos 0.21.0 and prior versions, which stems from a specially crafted eidos URL that triggers a custom URL handler, which could lead to remote code execution...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2024-22049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
CVE-2025-55574
CVE-2025-55574 affects Docmost software. The identified issue is a Cross-Site Scripting vulnerability in docmost versions prior to 0.21.0 that could allow an attacker to execute arbitrary code. Root cause details are not fully disclosed across all documents, but PT-2025-34672 explicitly states th...
CVE-2025-55574
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code...
OESA-2025-1829 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is an HTTP/HTTPS server and client library written in C++ by individual developers of yhirose. cpp-httplib version 0.21.0 has a...
OESA-2025-1724 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is an HTTP/HTTPS server and client library written in C++ by individual developers of yhirose. cpp-httplib version 0.21.0 has a...
OESA-2025-1721 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is an HTTP/HTTPS server and client library written in C++ by individual developers of yhirose. cpp-httplib version 0.21.0 has a...