GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

CVE-2026-2401

CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker...

CVE-2026-34296

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2026-2104

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...

CVE-2026-4524

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper...

CVE-2024-8010

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...

CVE-2024-36315

Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality...

PT-2026-46299

Impact The DynamicClientRegistrationControllerregister action hard-codes confidential: false when creating applications dynamic client registration controller.rb:18-25, yet the response includes a client secret and advertises token endpoint auth methods supported: "client secret basic", "client...

CVE-2026-45679

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate...

Dstack-Capsule: Pod-Level Remote Attestation for Confidential Workloads on Kubernetes

The rise of LLM-as-a-Service and other confidential cloud workloads demands cryptographic proof that user data is processed in a trusted, untampered environment. Existing solutions, notably Confidential Containers CoCo, enforce a strict "one Pod per VM" model that attests only the Guest OS stack,...

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.2.2, there were security...

Formal Verification of Secure Encrypted Virtualization

Trusted execution environments TEEs provide a secure environment for data and code in use, ensuring that they are protected with respect to confidentiality and integrity. Virtual machine VM-based TEEs utilize virtualization technology to create isolated execution spaces that can support a complet...

ROS-20260529-73-0020

The vulnerability of the cURL command-line utility lies in the use of an uninitialized resource. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

CVE-2026-40166

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

EUVD-2026-31490

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

CVE-2026-40166

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

CVE-2026-40166

authentik contains an elevation of privilege in its OAuth2 access_tokens API (GET /api/v3/oauth2/access_tokens/) where authenticated non-admin users with at least one OAuth2 access token can retrieve the client_secret of confidential providers they previously authenticated against. This exposed i...

CVE-2026-40166 authentik: Non-admin user can retrieve confidential OAuth client_secret via /api/v3/oauth2/access_tokens/

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

PT-2026-42826

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions 2026.2.0-rc1 through 2026.2.2 Description Authenticated non-admin users possessing at least one OAuth2 access token can retrieve the client secret of confidential OAuth2 providers they...

Linux Distros Unpatched Vulnerability : CVE-2026-4524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...