Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...

CVE-2026-41133

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...

PT-2026-34285

Name of the Vulnerable Software and Affected Versions CalJ versions prior to 1.6 Description The CalJ plugin for WordPress contains a missing authorization flaw. The CalJSettingsPage class constructor processes the 'save-obtained-key' operation from POST data without verifying if the user possess...

PowerDNS Recursor（pdns_recursor） 代码问题漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. There is a code vulnerability in PowerDNS Recursor. This vulnerability arises from the use of the zoneToCache function, where attackers can send zones that result in null pointer...

📄 Dovecot OTP Replay Attack

This Metasploit auxiliary module targets a vulnerability in Dovecot's OTP One-Time Password authentication system that allows potential replay attacks when authentication caching is enabled and username handling is improperly managed...

OpenFGA 安全漏洞

OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.14.1 contained a security vulnerability. This vulnerability arises from the use of cache conditions in certain scenarios, which may lead to two different chec...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013834)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013834 advisory. In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that...

PowerDNS Recursor（pdns_recursor） 安全漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. There is a security vulnerability in PowerDNS Recursor, which stems from the ability of attackers to publish and query specially crafted zones, resulting in the allocation of large entries i...

PowerDNS DNSdist 缓冲区错误漏洞

PowerDNS DNSdist is a proxy software provided by PowerDNS, which offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a buffer error vulnerability. This vulnerability stems from custom Lua code that calls getDomainListByAddress or getAddressListByDomain...

PT-2026-34322

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

PT-2026-34424

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the btrfs file system where the BTRFS ROOT ORPHAN CLEANUP bit is not set during subvolume creation in the create subvol function. This can lead to a race condition...

PT-2026-34442

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A cached crafted response can cause an out-of-bounds read, which occurs when a program reads data outside the intended boundary of a buffer. This happens if cust...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A local elevation of privilege vulnerability exists in the Linux kernel, which stems from a flaw in the logic of the crypto: algifaead module when handling AEAD operations, and...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013778 advisory. In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUGON by blocking retries on failed device resumes A cache device failing to...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013430)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013430 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path o...

SUSE SLES15 Security Update : flatpak (SUSE-SU-2026:1511-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1511-1 advisory. - CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options bsc1261769. - CVE-2026-34079: Arbitrary...

bind security update

9.18.33-10.0.2.el101.3 - Hard require needed openssl-libs Orabug: 38742109 - Fix warning when changing device file permissions Orabug: 36518580 32:9.18.33-10.3 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 32:9.18.33-10.2 - Fix upstream reported regressio...

CVE-2026-41131 OpenFGA has Improper Policy Enforcement

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...

CVE-2026-41131

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...