
18 matches found

Vulnrichment
added 2026/04/07 5:8 p.m. | 1 view

CVE-2026-22680 OpenViking < 0.3.3 Missing Authorization via Task Polling

OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...

CVSS 6.9 | AI score 5.9 | EPSS 0.00384
Exploits 1 | References 4
Redos
added 2026/04/01 12:0 a.m. | 5 views

ROS-20260401-73-0006

A vulnerability in the png_image_read_composite function of the libpng library is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and availability of protected information using a specially...

CVSS 7.1 | AI score 6.6 | EPSS 0.00294
Exploits 2
OSV
added 2026/02/27 3:50 p.m. | 28 views

GHSA-747P-WMPV-9C78 AWS CLI: cli_history database does not restrict file permissions on Unix systems

Summary: AWS CLI is a command line tool for interacting with AWS services. When the cli_history feature is enabled, the history database file is created with default permissions, potentially allowing other local users on a multi-user system to read the file. Impact: When cli_history is enabled, AWS C...

CVSS 5.9 | AI score 5.8
Exploits 0 | References 2
NVD
added 2025/11/26 5:15 p.m. | 4 views

CVE-2025-65238

Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...

CVSS 6.5 | EPSS 0.00287
Exploits 1 | References 3
BDU FSTEC
added 2025/04/01 12:0 a.m. | 8 views

The vulnerability described in the structure of wwan_rtnl_link_ops{} within the drivers/net/wwan/wwan_core.c file of the Linux kernel allows an attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability described in the structure of wwan_rtnl_link_ops within the drivers/net/wwan/wwan_core.c file of the Linux kernel relates to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of protected...

CVSS 7.1 | AI score 7.4 | EPSS 0.00227
Exploits 0 | References 23 | Affected Software 7
AstraLinux
added 2025/02/11 7:35 a.m. | 3 views

Astra Linux – Vulnerability in krb5

The vulnerability of the krb5_chpw_message function in the Kerberos authentication protocol is related to insufficient input validation. Exploiting this vulnerability allows an attacker to access confidential data and also cause service interruptions...

CVSS 6.1 | AI score 5.5
Exploits 0 | References 2
BDU FSTEC
added 2024/09/13 12:0 a.m. | 5 views

The vulnerability of the smb_inherit_dacl() function in the Linux operating system, related to writing beyond buffer boundaries, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the smb_inherit_dacl function in the Linux operating system is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 8.4 | AI score 7.5 | EPSS 0.26864
Exploits 0 | References 20 | Affected Software 5
BDU FSTEC
added 2024/08/07 12:0 a.m. | 4 views

The vulnerability of the cachefiles_ondemand_daemon_read() function in the cachefiles file system of the Linux operating system allows an attacker to compromise the accessibility of protected information.

The vulnerability of the cachefiles_ondemand_daemon_read function in the fs/cachefiles/ondemand.c file of the Linux kernel’s cachefiles file system is related to the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the accessibility of...

CVSS 7.8 | AI score 7.2 | EPSS 0.00284
Exploits 0 | References 18 | Affected Software 3
BDU FSTEC
added 2024/06/17 12:0 a.m. | 3 views

The vulnerability of the nft_expr_type_get() function in the netfilter component of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the nft_expr_type_get function in the net/netfilter/nf_tables_api.c module of the Linux kernel’s netfilter component is related to concurrent access to resources (race conditions). Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, an...

CVSS 7 | AI score 6.7 | EPSS 0.00215
Exploits 0 | References 27 | Affected Software 5
BDU FSTEC
added 2023/08/14 12:0 a.m. | 3 views

The vulnerability of the io_commit_cring() function in the io_uring/io_uring.c module of the io_uring subsystem in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information, or to enhance their privileges.

The vulnerability of the io_commit_cring function in the io_uring/io_uring.c module of the io_uring subsystem of the Linux operating system is related to a violation of synchronization mechanisms. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and...

CVSS 6.7 | AI score 6.4 | EPSS 0.00258
Exploits 1 | References 20 | Affected Software 2
SUSE CVE
added 2023/02/15 5:38 a.m. | 5 views

SUSE CVE-2013-2633

Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters...

CVSS 5 | AI score 6.3 | EPSS 0.00993
Exploits 0 | References 3
BDU FSTEC
added 2022/05/26 12:0 a.m. | 2 views

Vulnerability of the prealloc_elems_and_freelist function (kernel/bpf/stackmap.c) in the Linux operating system’s kernel, which allows an attacker to access confidential information or cause a service failure

The vulnerability of the prealloc_elems_and_freelist function (kernel/bpf/stackmap.c) in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability could allow an attacker to access confidential information or cause service failures...

CVSS 7.8 | AI score 6.7 | EPSS 0.00383
Exploits 0 | References 37 | Affected Software 8
BDU FSTEC
added 2022/04/01 12:0 a.m. | 4 views

The vulnerability of the `lt_prediction` function in the `lt_predict.c` component of the Freeware Advanced Audio Decoder 2 (FAAD2) allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the lt_prediction function in the lt_predict.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service...

CVSS 8.8 | AI score 7.5 | EPSS 0.01225
Exploits 1 | References 7 | Affected Software 2
OSV
added 2018/08/14 5:28 p.m. | 1 view

USN-3739-1 libxml2 vulnerabilities

Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. CVE-2016-9318 It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of...

CVSS 7.5 | AI score 6.7 | EPSS 0.05928
Exploits 1 | References 6
OSV
added 2018/04/05 3:4 p.m. | 2 views

USN-3621-1 ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities

It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. CVE-2018-1000073 It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. CVE-2018-1000074 It w...

CVSS 9.8 | AI score 7 | EPSS 0.05076
Exploits 0 | References 8
OSV
added 2018/02/16 12:32 a.m. | 1 view

USN-3573-1 quagga vulnerabilities

It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-5379 It was discovered that the Quagga BGP daemon did not...

CVSS 9.8 | AI score 7 | EPSS 0.7444
Exploits 0 | References 5
OSV
added 2013/12/31 12:0 a.m. | 0 views

UBUNTU-CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

CVSS 5.5 | AI score 6.8 | EPSS 0.01957
Exploits 0 | References 6
securityvulns
added 2005/07/12 12:0 a.m. | 31 views

blogtorrent remote/local user password disclosure

noglobal security http://noglobal.secnet.org/ You think you know? but you have no idea.. Security Advisory 2005-0x00 Software: BlogTorrent 0.92 = Vendor: http://www.blogtorrent.com/ Author: LazyCrs && pjphem Date: 10/07/2005 Type: Remote/Local...

AI score 6.8
Exploits 0