10978 matches found

Fedora • added 2026/04/01 12:57 a.m. • 5 views

[SECURITY] Fedora 43 Update: gstreamer1-vaapi-1.26.11-1.fc43

A collection of GStreamer plugins to let you make use of VA API video acceleration from GStreamer applications. Includes elements for video decoding, display, encoding and post-processing using VA API subject to hardware limitations...

AI score: 5.9 | Exploits: 0

CNNVD • added 2026/04/01 12:00 a.m. • 2 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a flaw in differential encoding validation, potentially leading to cyclic creation...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00007 | Exploits: 0 | References: 6

Positive Technologies • added 2026/04/01 12:00 a.m. • 3 views

PT-2026-29627

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: CI4MS fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative configuration fields, including Company Name, Slogan, Company Phone, Compa...

CVSS: 4.7 | AI score: 5.9 | EPSS: 0.0002 | Exploits: 1 | References: 6

Packet Storm News • added 2026/04/01 12:00 a.m. • 1 views

Automated Framework to Evaluate and Harden LLM System Instructions against Encoding Attacks

System Instructions in Large Language Models (LLMs) are commonly used to enforce safety policies, define agent behavior, and protect sensitive operational context in agentic AI applications. These instructions may contain sensitive information such as API credentials, internal policies, and...

AI score: 5.9 | Exploits: 0

Positive Technologies • added 2026/04/01 12:00 a.m. • 2 views

PT-2026-29489

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.19.0-rc7-next-20260127. Description: The Linux kernel contains a flaw within the apparmor subsystem, specifically in the match char macro. This macro incorrectly evaluates its character parameter multiple times...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.00007 | Exploits: 0

Positive Technologies • added 2026/04/01 12:00 a.m. • 1 views

PT-2026-29492

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contained a flaw in its AppArmor implementation related to differential encoding verification. This flaw allowed for the creation of loops if abused, potentially leading...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00007 | Exploits: 0

OpenVAS • added 2026/04/01 12:00 a.m. • 0 views

Ubuntu: Security Advisory (USN-8136-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.2 | AI score: 5.9 | EPSS: 0.0009 | Exploits: 7 | References: 2

Positive Technologies • added 2026/04/01 12:00 a.m. • 2 views

PT-2026-29626

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: CI4MS, a CodeIgniter 4-based CMS, is susceptible to a stored Cross-site Scripting (XSS) issue within the System Settings – Social Media Management section. The application does not properly sanitize...

CVSS: 4.7 | AI score: 6 | EPSS: 0.00069 | Exploits: 1 | References: 6

Redos • added 2026/04/01 12:00 a.m. • 4 views

ROS-20260401-73-0001

A vulnerability in the HTML Style Checker module of RoundCube Webmail is related to incorrect encoding or escaping of output data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00041 | Exploits: 0

Snyk • added 2026/03/31 11:22 p.m. • 3 views

Cross-site Scripting (XSS)

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the jsonToFormElements process in admin/functions.php when user-controlled plugin configuration values are rendered in HTML forms witho...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00015 | Exploits: 1 | References: 2

RedhatCVE • added 2026/03/31 10:58 p.m. • 2 views

CVE-2026-27599

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Several configuration...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00034 | Exploits: 1 | References: 1

Github Security Blog • added 2026/03/31 10:53 p.m. • 7 views

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Technical Description: The OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the buildurl method. When an OpenAPI...

CVSS: 10 | AI score: 6 | EPSS: 0.00063 | Exploits: 1 | References: 6 | Affected Software: 1

OSV • added 2026/03/31 10:51 p.m. • 4 views

GHSA-3X2W-63FP-3QVW SciTokens has an Authorization Bypass via Path Traversal in Scope Validation

Summary: The Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path from the token and the requested path from the...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00018 | Exploits: 1 | References: 6

Github Security Blog • added 2026/03/31 10:51 p.m. • 3 views

SciTokens has an Authorization Bypass via Path Traversal in Scope Validation

Summary: The Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path from the token and the requested path from the...

CVSS: 8.1 | AI score: 5.9 | EPSS: 0.00018 | Exploits: 1 | References: 6 | Affected Software: 1

NVD • added 2026/03/31 9:16 p.m. • 2 views

CVE-2026-34396

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

CVSS: 6.1 | EPSS: 0.00015 | Exploits: 1 | References: 1

EUVD • added 2026/03/31 8:40 p.m. • 3 views

EUVD-2026-17634

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00015 | Exploits: 1 | References: 1

Vulnrichment • added 2026/03/31 8:40 p.m. • 0 views

CVE-2026-34396 AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00015 | Exploits: 1 | References: 1

Vulnrichment • added 2026/03/31 8:51 a.m. • 1 views

CVE-2026-3106 Multiple vulnerabilities in Teampass

Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00039 | Exploits: 0 | References: 1

OSV • added 2026/03/31 8:45 a.m. • 7 views

BIT-MASTODON-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability (CWE-601) exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

CVSS: 6.1 | AI score: 6 | EPSS: 0.01396 | Exploits: 0 | References: 2

Positive Technologies • added 2026/03/31 12:00 a.m. • 3 views

PT-2026-29355

Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: The AVideo admin panel does not properly encode plugin configuration values when rendering them in HTML forms. The jsonToFormElements function in admin/functions.php directly interpolates...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00015 | Exploits: 1 | References: 6