UBUNTU-CVE-2026-31404

In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...

CVE-2026-31404

In CVE-2026-31404, the Linux kernel NFSD component suffers a Use-After-Free: svc_export_put() releases sub-objects (path_put, auth_domain_put) immediately, before the RCU grace period, risking NULL pointer dereferences when cache_clean drops references concurrently. Fixes described in the CVE not...

CVE-2026-31404

In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svcexportput calls pathput and authdomainput immediately when the last reference drops, before the RCU grace period. RCU readers in eshow and cshow access both expath via...

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +149 more potentially affected by unknown CVE via better-auth (>=0.4.10-beta.10 <=1.4.8-beta.4)

better-auth NPM version =0.4.10-beta.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.7, =0.0.1, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =1.3.37 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XG6X-H9C9-2M83...

Authentication Bypass Using an Alternate Path or Channel

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the session.cookieCache component. An attacker can gain unauthorized access to protected...

@agentcorporation/server (>=0.3.3 <=0.3.13), @airisos/server (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +147 more potentially affected by unknown CVE via better-auth (>=1.0.0-canary.10 <=1.4.8-beta.4)

better-auth NPM version =1.0.0-canary.10, =0.3.3, =2026.324.0-canary.0, =2026.501.0, =2026.501.0, =0.0.7, =1.0.0, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.27, =1.3.26, =1.3.27, =1.3.37 and more Source cves: unknown CVE Source advisory: SNYK:JS-BETTERAUTH-15876756...

CVE-2026-35537

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

GHSA-F693-58PC-2GFR OpenClaw: Telegram legacy allowFrom migration fans default-account trust into all named accounts

Summary Telegram legacy allowFrom migration fans default-account trust into all named accounts Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 Telegram migration fans legacy default-account allowFrom trust into named accounts, which is an...

OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification

Summary LINE webhook handler lacks shared pre-auth concurrency budget before signature verification Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: Shipped v2026.3.28 lacks a shared pre-auth concurrency budget on the public LINE webhook path, but the effect is...

OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes

Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scopes Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still gives auth:"plugin" routes operator WRITESCOPE, but impact should stay limited to plugin routes that actually tou...

GHSA-MHGQ-XPFQ-6R66 OpenClaw: Unauthenticated plugin-auth HTTP routes receive operator runtime scopes

Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scopes Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still gives auth:"plugin" routes operator WRITESCOPE, but impact should stay limited to plugin routes that actually tou...

CVE-2026-34833

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

CVE-2026-34833

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

EUVD-2026-18530

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has...

CVE-2026-34581 goshs has Auth Bypass via Share Token

goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2...

CVE-2026-34581

CVE-2026-34581 affects goshs, a SimpleHTTPServer written in Go. From version 1.1.0 up to before 2.0.0-beta.2, using a Share Token can bypass the intended restricted file download and grant full access, including code execution. This is mitigated in version 2.0.0-beta.2. Remediation: upgrade to 2....

CVE-2026-34581 goshs has Auth Bypass via Share Token

goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2...

CVE-2026-5339

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers...

OPENSUSE-SU-2026:20456-1 Security update for tinyproxy

This update for tinyproxy fixes the following issues: Changes in tinyproxy: - CVE-2026-3945: Fixed denial of service by unauthenticated remote attacker boo1261024 - Update to release 1.11.3 conf: add BasicAuthRealm feature basic auth: fix error status 401 vs 407 tinyproxy.conf.5: explain what a...