13648 matches found
CVE-2025-71300 Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"
In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...
CVE-2026-42278
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
CVE-2026-42278
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
CVE-2026-42278
CVE-2026-42278 affects UltraDAG (Rust) and specifically the SmartTransferTx policy enforcement path. Before commit fb6ef59, a transaction originating from a Pocket (a derived sub-address) could bypass spending controls because the pocket’s parent account wasn’t resolved before evaluating the spen...
CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address documented in the protocol a...
PT-2026-38965
CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto sign open caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7...
PT-2026-39141
Name of the Vulnerable Software and Affected Versions RELATE versions prior to commit 2f68e16 Description A timing attack exists in the check sign in key function within the course/auth.py file. A timing attack is a side-channel attack where an attacker attempts to compromise a system by analyzin...
PT-2026-39212
Name of the Vulnerable Software and Affected Versions Postiz versions prior to commit da44801 Description A Pwn Request issue in the Build and Publish PR Docker Image workflow located in '.github/workflows/pr-docker-build.yml' allows unauthenticated users to execute arbitrary code during the Dock...
PT-2026-38662
Name of the Vulnerable Software and Affected Versions UltraDAG versions prior to commit fb6ef59 Description The StateEngine implementation of SmartTransferTx contains a logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket" a derived sub-address used to...
CVE-2026-44244
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...
ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).
Bulletin has no description...
ECHO-85D4-7FA8-A8C9 From https://github.com/nltk/nltk/commit/89fe2ec2c6bae6e2e7a46dad65cc34231976ed8a
Bulletin has no description...
JLSEC-2026-457
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfntinitface...
JLSEC-2026-458
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNTSizeRequest...
CVE-2026-41505
RELATE is a web-based courseware package. Prior to commit 2f68e16, auth.py's make_sign_in_key() and exam.py's gen_ticket_code() generate predictable tokens, enabling potential exploitation across a network without user interaction. The issue is marked in CVSS 3.1 as HIGH (AV:N/AC:H/PR:N/UI:N/S:C/...
CVE-2026-41505
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's makesigninkey function and exam.py's genticketcode function. This issue has been patched via commit 2f68e16...
EUVD-2026-28379
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's makesigninkey function and exam.py's genticketcode function. This issue has been patched via commit 2f68e16...
CVE-2026-41505 RELATE: Predictable Token Generation in auth.py and exam.py
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's makesigninkey function and exam.py's genticketcode function. This issue has been patched via commit 2f68e16...
PT-2026-38544
Name of the Vulnerable Software and Affected Versions grokability snipe-it versions prior to 8.4.1 Description Insecure permissions allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component. Users with permissions to view assets or...