CVE-2026-42183

A flaw was found in Argo Workflows. This flaw, a nil pointer dereference in the rbacAuthorization function, affects Single Sign-On SSO users. When SSODELEGATERBACTONAMESPACE is enabled, an authenticated SSO user whose claims match a namespace-level Role-Based Access Control RBAC rule but not an...

SUSE CVE-2026-33220

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

EUVD-2026-23000

Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository...

CVE-2026-33220

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

PYSEC-2026-153

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

PYSEC-2026-153

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

CVE-2026-33220

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

PT-2026-33115

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this featur...

Server-side Request Forgery (SSRF)

Overview @clerk/backend is a Clerk Backend SDK - REST Client for Backend API & JWT verification utilities Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the clerkFrontendApiProxy function. An attacker can obtain secret keys by crafting a request path that...

n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

Impact When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server could intercept the connection and present a fraudulent host key,...

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-27195

Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...

CVE-2026-24772

OpenProject is an open-source, web-based project management software. To enable the real time collaboration on documents, OpenProject 17.0 introduced a synchronization server. The OpenPrioject backend generates an authentication token that is currently valid for 24 hours, encrypts it with a share...

PT-2026-5179

Name of the Vulnerable Software and Affected Versions OpenProject versions 17.0.0 through 17.0.1 Description OpenProject is a web-based project management software. A synchronization server was introduced in version 17.0.0 to enable real-time collaboration on documents. The server does not proper...

SUSE CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

CVE-2024-34716

PrestaShop is an open source e-commerce web application. A cross-site scripting XSS vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled throu...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the system.enableCrossNamespaceCommands when it is enabled on by default. An attacker can perform unauthorized actions in a different namespace by submitting workflow task commands that target namespaces othe...

EUVD-2025-203680

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

UBUNTU-CVE-2025-68250

In the Linux kernel, the following vulnerability has been resolved: hungtask: fix warnings caused by unaligned lock pointers The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported by Eero Tamminen, some...

CVE-2025-68250 hung_task: fix warnings caused by unaligned lock pointers

In the Linux kernel, the following vulnerability has been resolved: hungtask: fix warnings caused by unaligned lock pointers The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported by Eero Tamminen, some...