6 matches found
CVE-2026-30842
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, Wallos allows an authenticated user to delete avatar files uploaded by other users. The avatar deletion endpoint does not verify that the requested avatar belongs to the current user. As a result, any...
EUVD-2026-0752
Emlog is an open source website building system. In version 2.5.23, the admin can set controls that make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989777)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989777 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of...
CVE-2025-6519 Consistent predictable generation of the password for the default admin user "ONEDAY" to the application services
E3 Site Supervisor firmware version 2.31F01 has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user...
bpf: Allow delete from sockmap/sockhash only if update is allowed
...
UBUNTU-CVE-2021-30159
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain "fast double move" situations. MovePage::isValidMoveTarget uses FOR UPDATE, but it's only called if Title::getArticleID returns non-zero...