4 matches found
CVE-2026-28677
OpenSift prior to v1.6.3-alpha exposed an SSRF vulnerability in the URL ingest pipeline due to incomplete destination restrictions on user-controlled URLs. In non-localhost deployments, credentialed URLs, non-standard ports, and cross-host redirects created abuse paths. The issue has been patched...
CVE-2026-25566
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...
CVE-2026-25566 WeKan < 8.19 Cross-board Card Move Without Destination Authorization
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...
CLSA-2024-1721206783 freerdp: Fix of 12 CVEs
- CVE-2023-39352: add bound check in gdiSolidFill
- CVE-2023-39353: check indices are within range
- CVE-2023-39356: fix checks for multi opaque rect
- CVE-2023-40181: fix cBitsRemaining calculation
- CVE-2023-40186: fix integer multiplications
- CVE-2023-40188: fix input length validation
-...