
55 matches found

RedhatCVE
added 2026/04/20 7:22 p.m. · 1 views

CVE-2026-40259

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...

CVSS 8.1 · AI score 5.8 · EPSS 0.0003
Exploits: 1 · References: 1
NVD
added 2026/04/16 11:16 p.m. · 1 views

CVE-2026-40259

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...

CVSS 8.1 · EPSS 0.0003
Exploits: 1 · References: 2
ATTACKERKB
added 2026/04/16 10:49 p.m. · 0 views

CVE-2026-40259

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...

CVSS 8.1 · AI score 5.9 · EPSS 0.0003
Exploits: 1 · References: 3 · Affected Software: 1
EUVD
added 2026/03/05 9:30 a.m. · 3 views

EUVD-2026-9793

An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective. This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before...

CVSS 7.3 · AI score 5.9 · EPSS 0.00059
Exploits: 0 · References: 2
RedhatCVE
added 2025/11/05 1:11 a.m. · 8 views

CVE-2025-46556

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested with 4,788,761 characters) due to a lack of server-side validation of note length. Once such a note is added,...

CVSS 7.5 · AI score 6.7 · EPSS 0.00061
Exploits: 0 · References: 1
EUVD
added 2025/10/21 12:31 p.m. · 2 views

EUVD-2022-54960

In the Linux kernel, the following vulnerability has been resolved: block: fix rq-qos breakage from skipping rq_qos_done_bio() a647a524a467 ("block: don't call rq_qos_ops->done_bio if the bio isn't tracked") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set. While this fixed a potential oops, it also...

CVSS 5.5 · AI score 5.5 · EPSS 0.00012
Exploits: 0 · References: 5
Tenable Nessus
added 2025/09/04 12:0 a.m. · 3 views

Fedora 41 : exiv2 (2025-e1ae3d4ed9)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e1ae3d4ed9 advisory. Exiv2 0.28.6 + patch to fix silent abi breakage ---- Exiv2 v0.28.6 Fixes two low severity CVEs Tenable has extracted the preceding description block...

CVSS 5.5 · AI score 5.9 · EPSS 0.00024
Exploits: 1 · References: 3
Tenable Nessus
added 2025/09/01 12:0 a.m. · 5 views

Fedora 42 : exiv2 (2025-387e64c9fd)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-387e64c9fd advisory. Exiv2 0.28.6 + patch to fix silent abi breakage ---- Exiv2 v0.28.6 Fixes two low severity CVEs Tenable has extracted the preceding description block...

CVSS 5.5 · AI score 5.9 · EPSS 0.00024
Exploits: 1 · References: 3
OSV
added 2025/07/25 3:15 p.m. · 2 views

UBUNTU-CVE-2025-38435

In the Linux kernel, the following vulnerability has been resolved: riscv: vector: Fix context save/restore with xtheadvector Previously only v0-v7 were correctly saved/restored, and the context of v8-v31 are damaged. Correctly save/restore v8-v31 to avoid breaking userspace...

CVSS 5.5 · AI score 5.7 · EPSS 0.00074
Exploits: 0 · References: 11
ATTACKERKB
added 2025/07/25 2:32 p.m. · 1 views

CVE-2025-38435

In the Linux kernel, the following vulnerability has been resolved: riscv: vector: Fix context save/restore with xtheadvector Previously only v0-v7 were correctly saved/restored, and the context of v8-v31 are damaged. Correctly save/restore v8-v31 to avoid breaking userspace...

CVSS 5.5 · AI score 5.7 · EPSS 0.00074
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2025/02/26 1:56 a.m. · 12 views

CVE-2022-49266 block: fix rq-qos breakage from skipping rq_qos_done_bio()

In the Linux kernel, the following vulnerability has been resolved: block: fix rq-qos breakage from skipping rq_qos_done_bio() a647a524a467 ("block: don't call rq_qos_ops->done_bio if the bio isn't tracked") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set. While this fixed a potential oops, it also...

EPSS 0.00012
Exploits: 0 · References: 4
CVE
added 2025/02/26 1:56 a.m. · 80 views

CVE-2022-49266

CVE-2022-49266 (Linux kernel) : The vulnerability arises in the block layer where the patch that prevents calling rq_qos_done_bio() for untracked bios caused blk-iocost to mis-handle merged bios, leaving them “in-flight.” The fix adds a new flag BIO_QOS_MERGED to mark merged bios and ensures rq_q...

CVSS 5.5 · AI score 5.5 · EPSS 0.00012
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2024/09/06 12:0 a.m. · 3 views

PT-2024-31552 · Alf.Io · Alf.Io

Name of the Vulnerable Software and Affected Versions: alf.io versions prior to 2.0-M5 Description: The issue concerns an open source ticket reservation system for events. Prior to version 2.0-M5, the preloaded data as JSON is not escaped correctly. This allows an administrator or event admin to...

CVSS 6.5 · AI score 7.2 · EPSS 0.00191
Exploits: 1 · References: 8
Oracle linux
added 2024/06/05 12:0 a.m. · 84 views

kernel update

4.18.0-553.5.1.el810.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...

CVSS 8.8 · AI score 9 · EPSS 0.00135
Exploits: 0
OpenVAS
added 2023/11/03 12:0 a.m. · 8 views

SUSE: Security Advisory (SUSE-SU-2023:4287-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.8 · AI score 5.5 · EPSS 0.00185
Exploits: 1 · References: 4
Cvelist
added 2023/08/02 7:47 p.m. · 20 views

CVE-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three...

AI score 6.6 · EPSS 0.00122
Exploits: 0 · References: 6
RedhatCVE
added 2022/08/08 2:36 p.m. · 42 views

CVE-2022-2590

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system...

CVSS 7 · AI score 6.7 · EPSS 0.00445
Exploits: 1 · References: 4
OpenVAS
added 2021/12/15 12:0 a.m. · 6 views

SUSE: Security Advisory (SUSE-SU-2021:4063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 2
CVE
added 2021/09/15 11:21 a.m. · 42 views

CVE-2021-41061

In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption within the ieee820154_security component is reported to allow attackers to break encryption by triggering reboots. The Red Hat entry confirms the same CVE-2021-41061 description. No explicit vendor patch or versioned remediation details are p...

CVSS 5.5 · AI score 5.4 · EPSS 0.00033
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2021/07/05 12:0 a.m. · 3 views

F5 Nginx Trust Management Issue Vulnerability

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 Inc. distributed under the BSD-like protocol. F5 Nginx is vulnerable to a trust management issue that stems from the presence of an ALPACA Application Layer Protocol Content Obfuscation attack, whic...

CVSS 7.4 · AI score 7.4 · EPSS 0.00615
Exploits: 0 · References: 22