5041 matches found

NVD
added yesterday, 5 views

CVE-2025-0824

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...

CVSS 3.7, EPSS 0.00083
Exploits 0, References 1

NVD
added 4 days ago, 4 views

CVE-2026-56045

Unauthenticated Cross Site Scripting (XSS) in Automatic 3.135.1 versions...

CVSS 7.1, EPSS 0.0018
Exploits 0, References 1

NVD
added 4 days ago, 6 views

CVE-2025-68064

Contributor Local File Inclusion in Goya Core 1.0.9.4 versions...

CVSS 7.5, EPSS 0.0032
Exploits 0, References 1

Cvelist
added 4 days ago, 37 views

CVE-2026-13426 Client4 fails to validate path parameters

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

CVSS 5.4, EPSS 0.00197
Exploits 0, References 1

NVD
added 5 days ago, 10 views

CVE-2026-5309

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

CVSS 5.4, EPSS 0.00171
Exploits 0, References 3

Tenable Nessus
added 5 days ago, 6 views

Tridium Niagara Argument Injection (CVE-2025-3945)

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

CVSS 9.8, AI score 7.3, EPSS 0.00593
Exploits 0, References 2

CVE
added 6 days ago, 10 views

CVE-2026-45677

Summary (CVE-2026-45677): Rocket.Chat prior to versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 fails to verify the signature on inbound SAML LogoutRequest messages. This allows an unauthenticated remote attacker who knows a target user’s SAML NameID (commonly the user’s ema...

CVSS 8.7, AI score 6, EPSS 0.00451
Exploits 0, References 1

NVD
added 6 days ago, 9 views

CVE-2026-56244

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

CVSS 7.1, EPSS 0.00194
Exploits 0, References 2

CVE
added 6 days ago, 11 views

CVE-2026-56270

Flowise (FlowiseAI) before 3.1.0, including 3.0.13 and earlier, exposes a missing authentication vulnerability at /api/v1/loginmethod that allows unauthenticated retrieval of an organization’s complete SSO configuration, including OAuth client secrets in cleartext, by passing an organizationId. T...

CVSS 8.7, AI score 5.9, EPSS 0.00383
Exploits 1, References 2, Affected Software 1

OSV
added last week, 4 views

UBUNTU-CVE-2026-56376

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

CVSS 6.3, AI score 5.8, EPSS 0.00184
Exploits 0, References 3

CBLMariner
added 2026/06/22 9:21 p.m., 5 views

CVE-2026-46072 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46072 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 5.8, EPSS 0.00123
Exploits 0

CBLMariner
added 2026/06/22 9:21 p.m., 5 views

CVE-2026-45846 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-45846 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5, AI score 6.5, EPSS 0.00115
Exploits 0

NVD
added 2026/06/22 2:16 p.m., 8 views

CVE-2026-12602

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...

CVSS 8.8, EPSS 0.00122
Exploits 0, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 11 views

Astra Linux – Vulnerability in Firefox

Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 100. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploite...

CVSS 9.8, AI score 8.8, EPSS 0.00656
Exploits 0, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Firefox

Mozilla developers reported memory safety bugs in Firefox 85. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 86...

CVSS 8.8, AI score 8.8, EPSS 0.00925
Exploits 1, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick’s MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of type unsigned long. This likely affects the availability of the application, but ...

CVSS 4.3, AI score 6.5, EPSS 0.00874
Exploits 1, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. By exploiting vulnerabilities in the Lua script execution environment, an attacker with access to Redis prior to versions 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. T...

CVSS 7.8, AI score 7, EPSS 0.02189
Exploits 1, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick within MagickCore/quantum.h. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in values that fall outside the range of types float and unsigned char. This likely leads to a disruption in the application...

CVSS 4.3, AI score 6.5, EPSS 0.01124
Exploits 1, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Chromium

Use after free in Extensions in Google Chrome before version 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.3, EPSS 0.00792
Exploits 0, References 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in sudo

Before version 1.9.13, Sudo did not escape control characters in log messages...

CVSS 5.3, AI score 5.5, EPSS 0.00922
Exploits 0, References 2