GHSA-2GR4-PPC7-7MHX CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

CVE-2026-2408

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

CVE-2026-2408

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

CVE-2026-2408

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

CVE-2026-2408 Use-after-free in Cloud Workloads

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

CVE-2026-2408 Use-after-free in Cloud Workloads

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

CVE-2026-2408

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

CVE-2026-2408

Technical details for CVE-2026-2408 are not publicly provided in the supplied documents. The entries only state a use-after-free vulnerability in the Cloud Workloads Enforce client extension. Monitor for updates from vendors and CVE feeds.

PT-2026-20956

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

EUVD-2019-6216

Malware in sbrugna...

Multiple vulnerabilities in Firebird client extension

...

BIT-LIBPHP-2021-21704 Multiple vulnerabilities in Firebird client extension

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...

org.apache.syncope.ext.oidcclient:syncope-ext-oidcclient-client-enduser (>=2.0.10 <=2.0.14), org.apache.syncope.ext.saml2sp:syncope-ext-saml2sp-client-enduser (>=2.0.10 <=2.0.14) potentially affected by CVE-2019-17557 via org.apache.syncope.client:syncope-client-enduser (>=2.0.10 <=2.0.14)

org.apache.syncope.client:syncope-client-enduser MAVEN version =2.0.10, =2.0.10, =2.0.10, =2.0.14 Source cves: CVE-2019-17557 Source advisory: OSV:GHSA-6QJ8-C27W-RP33...

CVE-2021-21704 Multiple vulnerabilities in Firebird client extension

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...

CVE-2019-15150

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function...

CVE-2019-15150

In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function...