60 matches found
CVE-2026-35058
Summary of CVE-2026-35058 / CVE-2026-40215 (OpenVPN) OpenVPN versions affected: 2.6.0–2.6.19 and 2.7_alpha1–2.7.1. The issue in tls-crypt-v2 key extraction stems from improper validation of packet length, which can trigger a fatal assertion and cause a denial of service when processing a speciall...
Astra Linux - vulnerability in wireshark
In Wireshark versions 3.0.0 to 3.0.6, and 2.6.0 to 2.6.12, the CMS dissector could crash. This issue was addressed in the epan/dissectors/asn1/cms/packet-cms-template.c file by ensuring that an object identifier is set to NULL after the ContentInfo dissection...
CLEANSTART-2026-UJ06223 Security fixes for CVE-2025-25285, CVE-2026-21637, ghsa-23c5-xmqv-rm74, ghsa-34x7-hfp2-rc4v, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-83g3-92jg-28cx, ghsa-8gc5-j5rx-235r, ghsa-8qq5-rm4j-mr97, ghsa-9ppj-qmqm-q256, ghsa-fj3w-jwp8-x2g3, ghsa-fjxv-7rqg-78g4, ghsa-jp2q-39xq-3w4g, ghsa-mh29-5h37-fv8m, ghsa-pfrx-2q88-qq97, ghsa-qffp-2rhf-9h96, ghsa-r6q2-hw4h-h46w, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38 applied in versions: 2.6.0-r1, 2.7.0-r0, 2.8.1-r0
Multiple security vulnerabilities affect the mongosh package. These issues are resolved in later releases. See references for individual vulnerability details...
Unity Linux 20.1060e / 20.1070e Security Update: wireshark (UTSA-2026-005366)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005366 advisory. In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more...
Apache NiFi code issue vulnerability
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A code issue vulnerability exists in Apache NiFi versions 1.20.0 through 2.6.0 that stems from the GetAsanaObject...
OpenVPN DoS Vulnerability (Dec 2025) - Windows
OpenVPN is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:openvpn:openvpn";...
CVE-2025-60039
Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection. This issue affects Noisa: from n/a through <= 2.6.0...
EUVD-2025-25334
Malicious code in bioql PyPI...
EUVD-2025-25333
Malicious code in bioql PyPI...
WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin GetResponse Forms versions <= 2.6.0...
CVE-2025-57800 Audiobookshelf vulnerable to OIDC token exfiltration and account takeover
Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie,...
CVE-2025-57800
CVE-2025-57800 affects Audiobookshelf (versions 2.6.0–2.26.3) where OIDC redirect callbacks are not properly restricted, allowing an attacker to craft a login link that stores an arbitrary callback in a cookie. The attacker can cause a 302 redirect to an attacker-controlled URL after authenticati...
CVE-2025-48165
CVE-2025-48165 concerns an "Incorrect Privilege Assignment" vulnerability in the WordPress plugin DELUCKS SEO (versions up to 2.6.0). Public sources consistently describe privilege escalation via misassigned privileges within the DELUCKS SEO plugin, affecting WordPress sites using the plugin thro...
DEBIAN-CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
PT-2025-23105
Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common...
UBUNTU-CVE-2025-32803
In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...
WordPress plugin BP Profile Shortcodes Extra cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
Argo CD security vulnerability
Argo CD is a declarative GitOps continuous delivery tool for Kubernetes open-sourced by the Argo Project. A security vulnerability exists in Argo CD versions 2.6.0 through 2.11.3, which stems from a web terminal that allows a user to obtain a shell inside a running Pod. When an administrator...
OESA-2024-1840 openvpn security update
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...
DEBIAN-CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...