BIT-MONGODB-2026-6915 Flaw in the updateUser Command May Allow Unauthorized Configuration Change

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account...

SUSE-SU-2026:21598-1 Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before...

BIT-JRE-2024-20922

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

Longitudinal Analyses of SAST Tools: A CodeQL Case Study

Open-source software OSS pipelines rely on automated static analysis tools to prevent the introduction of vulnerabilities in code. However, there is limited understanding of the efficacy of these tools across the OSS ecosystem over time. In this paper, we introduce a novel method to evaluate stat...

PT-2026-39202

Name of the Vulnerable Software and Affected Versions Emlog versions prior to 2.6.11 Description Missing Cross-Site Request Forgery CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions. These actions include system...

SysReptor 安全漏洞

SysReptor is an open-source penetration testing report platform developed by Syslifters. Versions of SysReptor prior to 2026.29 contained security vulnerabilities. These vulnerabilities stemmed from the ability of users with administrator privileges to change the email addresses of users with...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the on-the-fly decryption of ESP inputs within shared skb fragments, potentially leading to data...

CVE-2025-14341

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

SUSE CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

GHSA-4CX3-3C38-J9VV katalyst-koi: Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

Weblate 代码问题漏洞

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17.1 had a code-related vulnerability. This vulnerability occurred when users changed their passwords, and the DRF API tokens were not revoked...

container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command

The container system dns create --localhost command accepts a domainName argument and passes it unsanitized into the pf anchor file /etc/pf.anchors/com.apple.container as a comment in a rule line. A domain name containing a newline character breaks out of the comment context and injects an...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...

EUVD-2025-209705

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVE-2025-31974

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

CVE-2025-31974 HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only

HCL BigFix Service Management SM is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...

CVE-2025-31974

CVE-2025-31974 affects HCL BigFix Service Management (SM). The connected documents describe a vulnerability where the root filesystem is not mounted as read-only, which could allow unintended modifications to critical system components and potentially increase the risk of system compromise or una...

EUVD-2025-209687

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...

CVE-2025-31957

HHCL BigFix Service Management SM is affected by a Cross‑Site Request Forgery CSRF vulnerability. This could lead to unauthorized changes or exposure of sensitive data...