
11 matches found

Hacker One
added 2026/03/02 12:55 a.m., 12 views

curl: Use after free in hyperfifo example

Summary: THIS ONLY IS AN ISSUE IN EXAMPLE CODE, NOT CURL ITSELF! In the hyperfifo example the event base is freed before the curl_multi_cleanup is called. This leads to a use after free in the addsocket callback, when libevent tries to lock a mutex in the base event during the curl shutdown. Link t...

5.7 AI score
Exploits: 0
CNNVD
added 2026/02/25 12:0 a.m., 6 views

libvips Buffer Error Vulnerability

libvips is an open-source fast image processing library with low memory requirements. Versions of libvips 8.18.0 and earlier contain a buffer error vulnerability, which stems from memory corruption in the function found in the libvips/foreign/matrixload.c file...

7.8 CVSS, 6.2 AI score, 0.0002 EPSS
Exploits: 1, References: 7
CNNVD
added 2026/02/25 12:0 a.m., 5 views

libvips Security Vulnerability

libvips is an open-source fast image processing library with low memory requirements. Versions of libvips 8.18.0 and earlier contained security vulnerabilities, which stemmed from a null pointer dereferencing issue in the function located in the file libvips/foreign/matrixload.c...

5.5 CVSS, 5.7 AI score, 0.00016 EPSS
Exploits: 1, References: 7
Tenable Nessus
added 2026/01/07 12:0 a.m., 5 views

Slackware Linux 15.0 / current curl Multiple Vulnerabilities (SSA:2026-007-01)

The version of curl installed on the remote host is prior to 8.17.0 / 8.18.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-007-01 advisory. New curl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

5.9 CVSS, 6.7 AI score, 0.0003 EPSS
Exploits: 1, References: 4
RedhatCVE
added 2025/12/18 10:37 p.m., 2 views

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8 CVSS, 6.9 AI score, 0.00087 EPSS
Exploits: 0, References: 1
NVD
added 2025/12/17 10:16 p.m., 3 views

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

7.5 CVSS, 0.00087 EPSS
Exploits: 0, References: 12
Cvelist
added 2025/12/17 10:7 p.m., 16 views

CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8 CVSS, 0.00087 EPSS
Exploits: 0, References: 12
OSV
added 2025/12/17 10:7 p.m., 5 views

CVE-2025-68129 Auth0-PHP SDK has Improper Audience Validation

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

6.8 CVSS, 6.8 AI score, 0.00087 EPSS
Exploits: 0, References: 14
Prion
added 2021/08/30 7:15 a.m., 12 views

Improper access control

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14....

5 CVSS, 7.4 AI score, 0.00314 EPSS
Exploits: 0, References: 1, Affected Software: 4
Vulnrichment
added 2021/08/30 6:30 a.m., 9 views

CVE-2021-39113

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14....

6.8 AI score, 0.00314 EPSS
Exploits: 0, References: 1
Atlassian
added 2021/07/02 12:53 a.m., 34 views

Information disclosure issue in the comment notification feature - CVE-2021-39120

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to learn when a restricted comment is removed from an issue via an information disclosure vulnerability in the comment notification functionality. The affected versions are before version 8.18.0. Affected versions:...

5.3 AI score
Exploits: 0, Affected Software: 1