
10 matches found

Cvelist
added 2026/03/27 2:12 p.m., 25 views

CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callback_mode=direct configured are vulnerable to XSS via the error_description parameter on the page for a failed...

CVSS 9.4, EPSS 0.00035
Exploits 0, References 4
OSV
added 2026/03/25 5:33 p.m., 0 views

GHSA-8G29-8XWR-QMHR @grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling

Impact: JSON.parse(env.adapterConfig) is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...

CVSS 2.1, AI score 5.8
Exploits 0, References 2
Github Security Blog
added 2026/03/25 5:33 p.m., 2 views

@grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling

Impact: JSON.parse(env.adapterConfig) is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...

AI score 5.8
Exploits 0, References 2, Affected Software 1
SUSE CVE
added 2026/01/14 12:25 a.m., 1 views

SUSE CVE-2025-71073

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device. lkkbd_interrupt() schedules lk->tq via schedule_work(), and the work handler lkkbd_reinit() dereferences the lkkbd structure and its serio/input_dev fields. lkkbd_disconnect() and error...

CVSS 6.4, AI score 6.5, EPSS 0.00021
Exploits 0, References 7
Positive Technologies
added 2026/01/13 12:00 a.m., 3 views

PT-2026-2594

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to the handling of pending work in the lkkbd driver. Specifically, the lkkbd interrupt function schedules a task via schedule work, and the...

CVSS 7.8, AI score 5.7, EPSS 0.00021
Exploits 0
OSV
added 2025/12/24 11:15 a.m., 1 views

UBUNTU-CVE-2023-54038

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link. hci_connect_sco currently returns NULL when there is no link (i.e. when hci_conn_link() returns NULL). sco_connect() expects an ERR_PTR in case of any error (see line 266...

AI score 5.7, EPSS 0.0003
Exploits 0, References 4
RedhatCVE
added 2025/05/23 9:24 a.m., 0 views

CVE-2024-3547

The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'googleconnecterror' parameter in all versions up to, and including, 1.5.102 due to insufficient input sanitization and output escaping. This makes it...

CVSS 6.1, AI score 6, EPSS 0.01497
Exploits 0, References 1
Positive Technologies
added 2025/01/01 12:00 a.m., 0 views

PT-2025-30857

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: The Linux kernel contains a use-after-free issue within the network block device (nbd) module. Specifically, the nbd genl connect function does not properly stop the device on certain erro...

CVSS 7.8, AI score 6.6, EPSS 0.00071
Exploits 0
CNNVD
added 2024/05/14 12:00 a.m., 1 views

WordPress plugin Unlimited Elements For Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 6.1, AI score 6, EPSS 0.01497
Exploits 0, References 4
seebug.org
added 2008/07/07 12:00 a.m., 14 views

Emulive Server4 7560 Remote Denial of Service Exploit

No description provided by source. !/usr/bin/perl EmuLive Server4 Commerce Edition Build 7560 Remote crash proof of concept code. When the machine running Server4 receives a malformed request on TCP port 66 it crashes very hard! GulfTech Security http://www.gulftech.org use IO::Socket; unless...

AI score 7.1
Exploits 0