4 matches found
CVE-2026-25519 OpenSlides has incorrect access control vulnerability in authentication service
OpenSlides is a free, web-based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins with username and password or an optionally configurable single sign on with SAML via an external ID...
CVE-2026-25519
OpenSlides prior to version 4.2.29 contains an authentication access-control flaw in the login flow for users synced via external IDPs (SAML). The issue allows a local login using a SAML username paired with a trivial password, effectively granting access to all SAML-linked accounts. The root cau...
CVE-2026-22245 Mastodon has SSRF Protection bypass
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has a protection mechanism to disallow requests to local IP addresses unless specified in ALLOWED_PRIVATE_ADDRESSES to...
Fedora 31 : php-horde-kronolith (2020-0fbd043bcf)
kronolith 4.2.29 - mjr Fix regression in event modification notifications Bug 15022. ---- kronolith 4.2.28 - mjr SECURITY: Don't leak private details when sending notifications for private events Bug 15011. - mjr Fix regression in display of clickable event URL property Bug 14941. Note that...