64 matches found
CVE-2026-49220
Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary Javascript in the context of a logged-in Administrative user, resulting in numerous potential issues. The Client header durin...
CVE-2026-49220
CVE-2026-49220 affects Jellyfin up to version 10.11.8, where a vulnerability in the AuthenticateByName flow allows a non-privileged user to inject HTML/JavaScript in the Client header that executes in an Administrative user session when accessing a user’s detail from the dashboard. This is a user...
GHSA-X44P-GG67-52FC Duplicate Advisory: PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ffp3-3562-8cv3. This link is maintained to preserve external references. Original Description PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing...
CVE-2026-56074 PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching
PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...
PT-2026-44159
Summary CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint. - The listing flow filters reports based on report-sharing rules - The detail flow only checks generic reports or reports config permissions As a result, a low-privileged...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcomaddsysmonsubdev The kfree function should be called when ofirqgetbyname fails or devmrequestthreadedirq fails in qcomaddsysmonsubdev. Otherwise, a memory leak will occur; therefore, addi...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check the return value after calling platformgetresourcebyname. If platformgetresourcebyname returns NULL, it may lead to a null-ptr-deref issue. Therefore, we need to check the return value. Patchwork:...
[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.6.0-4.fc42
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
CVE-2026-43072
A flaw was found in the drm/vc4 component of the Linux kernel. The platformgetirqbyname function, which returns an integer that can indicate an error, was not properly validated before being passed to devmrequestthreadedirq. This oversight in error handling could potentially lead to system...
CVE-2026-43072
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: platformgetirqbyname returns an int platformgetirqbyname will return a negative value if an error happens, so it should be checked and not just passed directly into devmrequestthreadedirq hoping all will be ok...
CVE-2026-43072 drm/vc4: platform_get_irq_byname() returns an int
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: platformgetirqbyname returns an int platformgetirqbyname will return a negative value if an error happens, so it should be checked and not just passed directly into devmrequestthreadedirq hoping all will be ok...
CVE-2026-43072
CVE-2026-43072 affects the Linux kernel drm/vc4 code path: platform_get_irq_byname() may return a negative error value, which was previously passed directly to devm_request_threaded_irq() without proper checking. The issue has been resolved in updated kernel code, and multiple OS-specific advisor...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the platformgetirqbyname function returning an int value. This value is passed directly to the...
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment IDE, Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input...
PT-2026-30040
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a device node reference leak in the logicvc drm config parse function. The function calls of get child by name to find the "layers" node but fails to release th...
[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.5.2-15.fc43
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.5.2-13.fc42
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
CVE-2022-50888 remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()
In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...
CVE-2022-50888 remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()
In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...