GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE 16.7 to 18.9.7, 18.10...

CVE-2026-33584

Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...

CVE-2026-33584

Summary: CVE-2026-33584 affects the Arqit Symmetric Key Agreement Platform, where the Keycloak management service is exposed, allowing unauthorized access to sensitive debug information (metrics and health data) for versions before 26.03. The CVSS 3.1 base score is 5.3 (MEDIUM) with network attac...

CVE-2026-33584 Arqit SKA-Platform Enables Access to Debug Information

Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...

CVE-2026-33584 Arqit SKA-Platform Enables Access to Debug Information

Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...

CLSA-2026-1778660100 binutils: Fix of CVE-2022-48063

CVE-2022-48063: fix excessive memory allocation in loadspecificdebugsection for corrupt ELF...

SUSE CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIGDMAAPIDEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'maxsegsize' is not set. The kernel defaults ...

SUSE CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

GHSA-8HF9-3Q64-Q2QF Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option

Summary When dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine's logging path. The logger opens the...

SUSE CVE-2023-43633

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system's configuration, which also includes some debug functions...

Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Summary The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...

openSUSE 16 Security Update : iproute2 (openSUSE-SU-2026:20696-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20696-1 advisory. Security issues fixed: - CVE-2024-58251: terminal lock up via ANSI terminal escape sequence set in argv0 bsc1254324. Other updates and bugfixes: - Fix...

CVE-2026-30495

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge ADB on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...

CVE-2026-43377

A flaw was found in ksmbd in the Linux kernel. When KSMBDDEBUGAUTH logging is enabled, sensitive session, signing, encryption, and decryption key bytes are logged. This can lead to information disclosure, potentially exposing user credentials...

CVE-2026-41931

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVE-2026-43302

A flaw was found in the Linux kernel's V3D graphics driver. When the Direct Memory Access DMA Application Programming Interface API debug option is enabled, the kernel may report a segment size mismatch. This occurs because the 'maxsegsize' parameter is not correctly configured, leading to warnin...

EUVD-2026-28572

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIGDMAAPIDEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'maxsegsize' is not set. The kernel defaults ...

CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

CVE-2026-43377

CVE-2026-43377 affects ksmbd in the Linux kernel where, under KSMBD_DEBUG_AUTH logging, generate_smb3signingkey() and generate_smb3encryptionkey() log session, signing, encryption, and decryption key bytes. The issue allows potential information disclosure by exposing credentials through verbose ...

CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIGDMAAPIDEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'maxsegsize' is not set. The kernel defaults ...