PT-2026-45485

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspace id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project...

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

CVE-2025-68269

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication allowing an attacker to take over user accounts by exploiting the lack of a confirmation step when linking a social account to an already authenticated user. Remediation Upgrade joelbutcher/socialstream to versio...

The vulnerability of the Safari browser, which allows a hacker to compromise the security of information.

The vulnerability of Safari browser extensions lies in the lack of a confirmation request required for replacing existing extensions. Exploiting this vulnerability allows a malicious actor to compromise the security of information remotely...