CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

SUSE CVE-2025-68266

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...

CVE-2025-68266 bfs: Reconstruct file type when loading from disk

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...

EUVD-2023-12432

Malicious code in bioql PyPI...

EUVD-2022-52081

Malicious code in bioql PyPI...

EUVD-2022-51832

Malicious code in bioql PyPI...

EUVD-2022-52003

Malicious code in bioql PyPI...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups (SUSE-SU-2025:03261-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03261-1 advisory. - CVE-2024-47175: no validation of IPP attributes in ppdCreatePPDFromIPP2 when writing to a...

SUSE-SU-2025:03261-1 Security update for cups

This update for cups fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in ppdCreatePPDFromIPP2 when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD bsc1230932. - CVE-2025-58060: no password check when AuthType i...

Diebold Nixdorf Vynamic Security Suite 安全漏洞

Diebold Nixdorf Vynamic Security Suite Diebold Nixdorf VSS is a security access suite from Diebold Nixdorf, USA. A security vulnerability exists in Diebold Nixdorf Vynamic Security Suite version 4.3.0 SR01 and prior versions, which stems from insufficient validation of file attributes and could...

Linux Distros Unpatched Vulnerability : CVE-2024-26849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netlink: add nla be16/32 types to minlen array BUG: KMSAN: uninit-value in...

CVE-2023-0075

The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial-of-service vulnerability that stems from an inability to properly validate post attributes, which can be exploited by an attacker to cause a system crash...

CVE-2024-11606

The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-11841 Tithe.ly Giving Button <= 1.1 - Contributor+ Stored XSS via Shortcode

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

[SECURITY] [DSA 5778-1] cups-filters security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5778-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2024 https://www.debian.org/security/faq -...

CVE-2024-47076 libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. The cfGetPrinterAttributes5 function in libcupsfilter...

CVE-2024-44148

This issue was addressed with improved validation of file attributes. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox...

SUSE CVE-2024-42160

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fsbuildfaultattr - It missed to check validation of fault attrs in parseoptions, let's fix to add check condition in f2fsbuildfaultattr. - Use f2fsbuildfaultattr in sbistore to clean up...

DEBIAN-CVE-2024-42160

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fsbuildfaultattr - It missed to check validation of fault attrs in parseoptions, let's fix to add check condition in f2fsbuildfaultattr. - Use f2fsbuildfaultattr in sbistore to clean up...