152 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007614)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007614 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data...
Flowise: Cypher Injection in GraphCypherQAChain
Summary The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletio...
GHSA-564F-WX8X-878H Vikunja read-only users can delete project background images via broken object-level authorization
Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...
Vikunja read-only users can delete project background images via broken object-level authorization
Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...
IBM DB2 Recovery Expert 安全漏洞
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 5.5 IF 2 of IBM Db2 Recovery Expert contains a security vulnerability. This vulnerability stems from an insecure mechanism used to verify data integrity during transmission, which could allow attackers to modify or...
[SECURITY] [DLA 4486-1] nova security update
Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara February 20, 2026 https://wiki.debian.org/LTS Package : nova Version : 2:22.4.0-1deb11u7 CVE ID : CVE-2026-24708 Debian Bug : 1128294 Dan Smith discovered that nova, a cloud...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Nova vulnerability (USN-8049-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8049-1 advisory. Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use th...
GHSA-M4F3-QP2W-GWH6 OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
USN-8049-1: Nova vulnerability
Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system...
PT-2026-20566
Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system...
CVE-2021-31850
A denial-of-service vulnerability in Database Security DBS prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files i...
EUVD-2025-205801
RustFS has a gRPC Hardcoded Token Authentication Bypass...
CVE-2025-68926
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...
CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...
CVE-2025-68926
CVE-2025-68926 – RustFS hardcoded gRPC token authentication bypass . Affected RustFS versions prior to 1.0.0-alpha.78 expose a publicly visible hardcoded token, “rustfs rpc”, used for gRPC authentication on both client and server. The token is non-configurable and identical across deployments, en...
EUVD-2025-203741
In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function ext4destroyinlinedatanolock changes the inode data layout by clearing EXT4INODEINLINEDATA and...
AZL-72469 CVE-2025-68261 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function ext4destroyinlinedatanolock changes the inode data layout by clearing EXT4INODEINLINEDATA and...
CVE-2025-68261
CVE-2025-68261 concerns a race in ext4 where inline data destruction (ext4_destroy_inline_data_nolock) and block mapping (ext4_map_blocks) can concurrently modify inode layout, causing a state where EXT4_INODE_EXTENTS flag is observed incorrectly and triggers a kernel BUG in fs/ext4/indirect.c (l...