664 matches found
CVE-2026-21722 Public Dashboards time range restriction on annotations can be bypassed
Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...
CVE-2026-21722 Public Dashboards time range restriction on annotations can be bypassed
Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...
CVE-2026-21722
Grafana CVE-2026-21722 affects the public dashboards annotations feature. The vulnerability allows a user to read the entire annotation history visible on a dashboard when timerange locking is disabled, exposing history outside the locked timerange. Root cause is that annotation timeranges were n...
Public Dashboards time range restriction on annotations can be bypassed
Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...
Grafana -- Public Dashboards time range restriction on annotations can be bypassed
https://grafana.com/security/security-advisories/cve-2026-21722 reports: Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific...
SecCodePRM: A Process Reward Model for Code Security
Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...
Next-Generation Cyberattack Detection with Large Language Models: Anomaly Analysis across Heterogeneous Logs
This project explores large language models LLMs for anomaly detection across heterogeneous log sources. Traditional intrusion detection systems suffer from high false positive rates, semantic blindness, and data scarcity, as logs are inherently sensitive, making clean datasets rare. We address...
SUSE-SU-2026:20232-1 Security update for golang-github-prometheus-prometheus
This update for golang-github-prometheus-prometheus fixes the following issues: Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257329. - CVE-2025-12816: interpretation conflict...
SUSE CVE-2025-71115
In the Linux kernel, the following vulnerability has been resolved: um: init cputasks earlier This is currently done in umlfinishsetup, but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse, which has coverage annotations, and then the checks in checkkcovmode...
Istio parameter injection vulnerability
Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.2 have a parameter injection vulnerability. This vulnerability stems from the ability to inject iptables rules through annotations, thereby changing the firewall’s behavior...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: SCTP: A potential out-of-bounds exception has been prevented in sctptransportupdaterto. SYZBOOT reported a potential out-of-bounds exception 1. The responsible developer added rtoalphamax and set rtobetamax to 1000. It is...
MiracleLinux 9 : jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base (AXSA:2025-10737:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10737:01 advisory. com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 Tenable has extracted the preceding description block...
PT-2026-8114
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a data race condition around dev-work within the mISDN module. Specifically, dev-work can be read locklessly in the mISDN read and mISDN poll functions. The iss...
Vulnerabilities fixed in Foxit PDF Reader
Foxit has fixed vulnerabilities in Foxit PDF Reader Specifically for versions prior to 2025.2.1, 14.0.1 and 13.2.1 on Windows and macOS. The vulnerabilities include a local privilege escalation, a use-after-free vulnerability and a memory corruption related to insufficient boundary checking when...
CVE-2025-66497
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
CVE-2025-66498
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
CVE-2025-66498
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
CVE-2025-66496
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...
CVE-2025-66498
Foxit PDF Reader is affected by CVE-2025-66498 due to insufficient bounds checking when parsing U3D data in 3D annotations, leading to out-of-bounds memory access and memory corruption. Connected sources confirm a family of Foxit vulnerabilities and state that updates fix these issues for version...
EUVD-2025-204462
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruptio...