CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

CVE-2026-26010

OpenMetadata CVE-2026-26010 describes a leakage of JWTs through calls to /api/v1/ingestionPipelines from the UI, prior to version 1.11.8. Read-only users could obtain tokens used by the ingestion-bot for services such as Glue, Redshift, and Postgres, enabling access to a highly privileged Ingesti...

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery CSRF vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state

A NULL pointer dereference vulnerability was found in the Intel i915 graphics driver in the Linux kernel. The intelatomicgetnewcrtcstate function can return NULL if the CRTC state was not previously obtained via intelatomicgetcrtcstate, but the return value was not checked before use. This leads ...

kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state

A NULL pointer dereference vulnerability was found in the Intel i915 graphics driver in the Linux kernel. The intelatomicgetnewcrtcstate function can return NULL if the CRTC state was not previously obtained via intelatomicgetcrtcstate, but the return value was not checked before use. This leads ...

kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state

A NULL pointer dereference vulnerability was found in the Intel i915 graphics driver in the Linux kernel. The intelatomicgetnewcrtcstate function can return NULL if the CRTC state was not previously obtained via intelatomicgetcrtcstate, but the return value was not checked before use. This leads ...

Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres Details Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...

CVE-2025-58466

CVE-2025-58466 affects QNAP QTS and QuTS hero: a use of uninitialized variable issue that can be exploited by an attacker with an administrator account to cause denial of service or alter control flow. Affected: QTS before 5.2.8.3332 build 20251128 and earlier; QuTS hero before h5.2.8.3321 build ...

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

UBUNTU-CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state

A NULL pointer dereference vulnerability was found in the Intel i915 graphics driver in the Linux kernel. The intelatomicgetnewcrtcstate function can return NULL if the CRTC state was not previously obtained via intelatomicgetcrtcstate, but the return value was not checked before use. This leads ...

CVE-2026-1094

Summary (CVE-2026-1094): GitLab CE/EE versions 18.8 prior to 18.8.4 were patched to address an issue where an authenticated developer could hide specially crafted file changes from the WebUI. The remediation is included in GitLab 18.8.4 (and later). The CVSSv3.1 base score is 4.6 (MEDIUM) with at...

CVE-2026-1094

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

CVE-2026-1094

Removed by vendor...

CVE-2026-1094 Improper Validation of Unsafe Equivalence in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI...

SUSE-SU-2026:0425-1 Security update for python313-wheel

This update for python313-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100...