PT-2026-31793

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

CVE-2026-34758

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42...

EUVD-2026-18511

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42...

OneUptime 访问控制错误漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a access control vulnerability. This vulnerability stemmed from the ability to access notification tests and telephone...

CVE-2025-68139

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

CVE-2025-68139

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

CVE-2025-34135

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

Flaw in Verizon call record requests put millions of Americans at risk

Security researcher Evan Connelly discovered an enormous flaw affecting one of the largest telecommunications companies in the world that could allow any single person to view the recent incoming call log for potentially any Verizon phone number. "In short, anyone could lookup data for anyone,"...

PT-2024-19003 · Discourse · Discourse Calendar

Name of the Vulnerable Software and Affected Versions: discourse-calendar affected versions not specified Description: The discourse-calendar plugin has a limit on region value length that is too generous, allowing a malicious actor to cause a Discourse instance to use excessive bandwidth and dis...

TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc

Summary The Apache Hadoop Distributed File System HDFS can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud VPC or shares the VPC with other Compute Engine instances. Google Cloud Platform GCP provides a default VPC called default. This VP...

PYSEC-2024-179

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...

Design/Logic Flaw

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory...

GaugeController allows for quick vote and withdraw voting strategy

Lines of code Vulnerability details Summary The GaugeController voting can be abused to apply all of the user's weight in every gauge's vote. GaugeController's voting changes the weight of the gauge. Each user can split their voting weight power between the gauges function...

CVE-2023-2183

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...

msie.5.0.setup.wizard.txt

Tue, 23 Mar 1999 11:41:24 +0200 Thor Kottelin Windows NT BugTraq Mailing List Thor Kottelin MSIE 5 installer disables screen saver After running the MSIE 5 installation wizard ie5setup.exe on two separate NT 4.0 SP4 machines - one Workstation, one Server - my screen saver Logon Screen Saver,...