SUSE CVE-2026-23517

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...

kernel: netfilter: xt_tcpmss: check remaining length before reading optlen

A flaw was found in the Linux kernel, specifically within the netfilter: xttcpmss module. A remote attacker could exploit this vulnerability by sending a specially crafted TCP packet. The TCP option parser does not properly validate the remaining option length, which results in an out-of-bounds...

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

PT-2026-50487

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains an authorization flaw in its prompt version-history endpoints. While the system authorizes the prompt id provided in the URL, it fails to verify that the requested history...

PT-2026-50431

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager versions prior to 4.8 Description An unauthenticated attacker with remote access can exploit the inclusion of functionality from an untrusted control sphere, which may lead to information disclosure. Recommendations Upda...

PT-2026-50533

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description When configured using GRPCRoutes, an authenticated remote attacker with permissions to create or modify GRPCRoute resources can cause the control plane to terminate. This occurs ...

PT-2026-50362

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Room Air Conditioners affected versions not specified Mitsubishi Electric Wireless LAN Adapters for Packaged Air Conditione...

PT-2026-50488

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains a Broken Object Level Authorization BOLA issue in the builtin search knowledge files function. BOLA occurs when an application does not properly verify if a user has permission...

PT-2026-50476

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'base-migration' endpoint accepts a caller-supplied URL that the migration worker dereferences without enforcing the protocol or destination. This allows for scheme abuse, such as using file: ...

PT-2026-50482

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authenticated user can attach arbitrary file id values to their own chat messages because the system fails to verify if the user owns or has read access to those files. By sharing the chat and...

Security Update for Microsoft Visual Studio Code (June 2026)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities: - Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281 -...

ROS-20260617-73-0020

The vulnerability in ImageMagick is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...

ROS-20260617-73-0019

The vulnerability in ImageMagick 7 is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

GHSA-CR4G-F395-H25H Gitea: Token scope bypass on web archive download endpoint

Summary PR 37698 added checkDownloadTokenScope to /raw/, /media/, and attachment download web endpoints. The /archive/ endpoint repo.Download in routers/web/repo/repo.go:372 was not included in the fix. This endpoint accepts OAuth2 tokens via webAuth.AllowOAuth2 registered at...

CVE-2026-48797

Backpropagate is a Python library for fine-tuning LLMs on a single GPU. In versions 1.1.0 and 1.1.1, the Reflex web UI exposes a training control plane without authentication, allowing dataset upload, model load, training control, multi-run orchestration, GGUF export, and HuggingFace Hub push. Th...

n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions

Impact When @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the user, can establish an MCP session and invoke browser-control tools. Whe...

CVE-2026-48616

CVE-2026-48616 affects Rocket.Chat Livechat file downloads in multiple legacy branches (versions

n8n: Microsoft SQL Node Prototype Pollution

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype process-wide for the lifetime of the n8n server process, causing...

EUVD-2026-37203

Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...

EUVD-2026-37202

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...