
1139 matches found

Snyk
added 2026/03/20 12:41 a.m., 2 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the configuration of endpoints under paths already assigned to Health Group additional paths. An attacker can gain unauthorized access to protected endpoints by sending reques...

9.2 CVSS | 5.7 AI score | 0.00036 EPSS
Exploits 0 | References 2
OSV
added 2026/03/10 6:28 p.m., 4 views

GO-2026-4647 x402 SDK Security Advisory in github.com/coinbase/x402/go

x402 SDK Security Advisory in github.com/coinbase/x402/go. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to...

5.8 AI score
Exploits 0 | References 1
Chainguard
added 2026/03/10 1:17 p.m., 5 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: apache-beam-java-sdk, secrets-store-csi-driver-provider-gcp, emqx-exporter-fips, omnictl-multiarch, smarter-device-manager-fips, prometheus-podman-exporter-fips, crossplane-provider-aws-elasticache, elastic-agent, runc, crossplane-provider-gcp,...

5.2 AI score
Exploits 0
Fedora
added 2026/03/05 1:13 a.m., 7 views

[SECURITY] Fedora 42 Update: yt-dlp-2026.02.21-1.fc42

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

8.8 CVSS | 5.9 AI score | 0.00218 EPSS
Exploits 2
ATTACKERKB
added 2026/03/02 6:42 p.m., 2 views

CVE-2025-48650

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4 CVSS | 6.1 AI score | 0.00004 EPSS
Exploits 0 | References 3 | Affected Software 1
Fedora
added 2026/02/27 12:55 a.m., 5 views

[SECURITY] Fedora 43 Update: python3.15-3.15.0~a6-1.fc43

Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...

6 CVSS | 6 AI score | 0.00205 EPSS
Exploits 0
CVE
added 2026/02/19 3:26 p.m., 15 views

CVE-2026-25940

CVE-2026-25940 affects jsPDF prior to 4.2.0 via the AcroForm module. Attackers could abuse RadioButton.createOption and the AS property to inject arbitrary PDF objects, including JavaScript actions, executed when a user hovers a radio option. The issue is fixed in jsPDF 4.2.0; apply the update or...

8.1 CVSS | 5.7 AI score | 0.00042 EPSS
Exploits 1 | References 3 | Affected Software 1
CVE
added 2026/02/11 10:58 p.m., 9 views

CVE-2026-20630

CVE-2026-20630 describes a permissions issue in macOS Tahoe prior to update 26.3, where an app may access protected user data. The issue is fixed in macOS Tahoe 26.3 by applying additional restrictions on access to protected data. Affected: macOS Tahoe (26.3 fix). Impact: potential exposure of pr...

5.5 CVSS | 5.4 AI score | 0.00014 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2026/02/11 10:58 p.m., 1 views

CVE-2026-20630

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data...

5.4 AI score | 0.00014 EPSS
Exploits 0 | References 1
RedHat Linux
added 2026/02/09 7:25 p.m., 3 views

Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.18.1-2 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...

8.2 CVSS | 7.1 AI score | 0.0019 EPSS
Exploits 0 | References 3
OSV
added 2026/01/16 6:16 p.m., 1 views

CVE-2025-24089

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps...

5.3 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

MiracleLinux 7 : bind-9.11.4-26.P2.16.0.5.el7.AXS7 (AXSA:2025-9780:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9780:04 advisory. CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9 CVEs: CVE-2024-11187 It is possible to construct a zone such that...

7.5 CVSS | 7 AI score | 0.03129 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/01/09 8:48 a.m., 4 views

CVE-2025-23614

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in niksudan WordPress Additional Logins wp-additional-logins allows Reflected XSS. This issue affects WordPress Additional Logins: from n/a through = 1.0.0...

7.1 CVSS | 7.2 AI score | 0.00056 EPSS
Exploits 0 | References 1
CNNVD
added 2025/12/24 12:0 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly handling the error code returned by ima_filter_rule_match, which could result in additional files bein...

6.4 AI score | 0.00058 EPSS
Exploits 0 | References 5
RedhatCVE
added 2025/12/18 9:34 p.m., 8 views

CVE-2025-43428

A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Photos in the Hidden Photos Album may be viewed without authentication...

9.8 CVSS | 5.8 AI score | 0.00093 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/17 3:34 p.m., 1 views

EUVD-2025-203895

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through othe...

8.4 CVSS | 7.2 AI score | 0.00273 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/12/13 10:0 p.m., 3 views

CVE-2025-43523

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access sensitive user data...

5.5 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/12/13 10:0 p.m., 5 views

CVE-2025-43351

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data...

5.5 CVSS | 6.2 AI score | 0.00014 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/12 8:56 p.m., 3 views

EUVD-2025-203137

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to access sensitive user data...

5.6 AI score | 0.00015 EPSS
Exploits 0 | References 2
CVE
added 2025/12/12 8:56 p.m., 8 views

CVE-2025-43519

This CVE (CVE-2025-43519) concerns a permissions issue in macOS that could allow an app to access sensitive user data. Concrete details in connected docs show fixes are included in macOS Tahoe 26.2, macOS Sequoia 15.7.3, and macOS Sonoma 14.8.3. The issue is addressed by these OS updates; no expl...

7.5 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits 0 | References 3 | Affected Software 1