
29703 matches found

UbuntuCve
added 2026/04/24 12:0 a.m., 3 views

CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template is vulnerable to path traversal when a URI starts with //, e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

8.7 CVSS, 5.8 AI score, 0.00361 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/04/24 12:0 a.m., 5 views

PT-2026-34849

Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.17.2; Kyverno versions prior to 1.16.4. Description: An unchecked type assertion in the forEach mutation handler allows a user with permissions to create a Policy or ClusterPolicy to cause the cluster-wide background...

7.7 CVSS, 5.1 AI score, 0.00369 EPSS
Exploits: 1, References: 11

Packet Storm
added 2026/04/24 12:0 a.m., 68 views

MISP 2.5.27 Workflow Engine Cross Site Scripting

This Metasploit auxiliary module targets a potential stored cross site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...

5 AI score
Exploits: 0

Tenable Nessus
added 2026/04/24 12:0 a.m., 9 views

Cisco Identity Services Engine Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Identity Services Engine due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

8.1 CVSS, 8.2 AI score, 0.99506 EPSS
Exploits: 68, References: 3

CNNVD
added 2026/04/24 12:0 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an underflow in the reference counting mechanism used in intel_engine_park_heartbeat. This...

7.8 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/24 12:0 a.m., 5 views

PT-2026-35008

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A use-after-free and refcount underflow can occur in the drm/i915/gt component. This happens when the heartbeat worker and the intel engine park heartbeat function race to release the sa...

7.8 CVSS, 5.4 AI score, 0.00117 EPSS
Exploits: 0, References: 20

Vulnrichment
added 2026/04/23 11:19 p.m., 4 views

CVE-2026-29197

In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...

5.3 AI score, 0.00182 EPSS
Exploits: 0, References: 2

CVE
added 2026/04/23 11:19 p.m., 21 views

CVE-2026-29197

Rocket.Chat: RBAC bypass in App logs endpoints due to a typo in the required permission check. Affected versions include <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and

4.3 CVSS, 5.8 AI score, 0.00182 EPSS
Exploits: 0, References: 2, Affected Software: 1

Wolfi
added 2026/04/23 7:48 p.m., 9 views

GHSA-J88V-2CHJ-QFWX vulnerabilities

Vulnerabilities for packages: openbao, cerbos, step-ca, openfga, sftpgo-plugin-eventsearch, step-issuer, azure-service-operator, gitaly, cloudnative-pg, jitsucom-bulker, telegraf, timescaledb-parallel-copy, wal-g, grafana-alloy, dapr, keda, spicedb, sftpgo-plugin-eventstore, gitlab-kas, juicefs,...

5.8 AI score
Exploits: 0

OSV
added 2026/04/23 2:47 p.m., 3 views

OPENSUSE-SU-2026:20621-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.10.0 ESR. - MFSA 2026-32 bsc1262230: CVE-2026-6746: Use-after-free in the DOM: Core & HTML component CVE-2026-6747: Use-after-free in the WebRTC component CVE-2026-6748: Uninitialized memory ...

9.8 CVSS, 5.3 AI score, 0.04938 EPSS
Exploits: 1, References: 26

RedHat Linux
added 2026/04/23 2:43 p.m., 9 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.27.1 Release.

Red Hat OpenShift Dev Spaces 3.27.1 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.27 release is based on...

9.9 CVSS, 7.2 AI score, 0.01286 EPSS
Exploits: 20, References: 27

OSV
added 2026/04/23 10:16 a.m., 7 views

USN-8180-4 linux-azure-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

8.8 CVSS, 5.6 AI score, 0.0071 EPSS
Exploits: 0, References: 81

Microsoft CVE
added 2026/04/23 8:6 a.m., 6 views

dmaengine: idxd: Fix memory leak when a wq is reset

...

5.5 CVSS, 5.2 AI score, 0.00123 EPSS
Exploits: 0

GithubExploit
added 2026/04/23 2:25 a.m., 100 views

hospital-waf-mcp

Hospital WAF Management System Release: v1.0.0 Languag...

5.8 AI score
Exploits: 0

SUSE CVE
added 2026/04/23 1:26 a.m., 10 views

SUSE CVE-2026-31440

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking event log memory During the device remove process, the device is reset, causing the configuration registers to go back to their default state, which is zero. As the driver is checking if the event log...

5.6 AI score, 0.00122 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/04/23 12:0 a.m., 10 views

Luanti code injection vulnerability

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti from 5.0.0 to 5.15.2 had a code injection vulnerability. This vulnerability stemmed from the ability of malicious mods to escape the sandbox Lua environment, potentially...

10 CVSS, 6.3 AI score, 0.00374 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/04/23 12:0 a.m., 6 views

SocialEngine SQL injection vulnerability

SocialEngine is a content management platform developed by SocialEngine Company in India, designed for supporting community interactions and building social networks. SocialEngine versions 7.8.0 and earlier contained an SQL injection vulnerability. This vulnerability stemmed from the text paramet...

9.8 CVSS, 6.3 AI score, 0.00972 EPSS
Exploits: 2, References: 2

RedHat Linux
added 2026/04/22 9:54 p.m., 10 views

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

7.5 CVSS, 5.8 AI score, 0.00472 EPSS
Exploits: 1, References: 5

NVD
added 2026/04/22 9:17 p.m., 6 views

CVE-2026-33656

EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allows updating an attachment's sourceId, thus allowing an authenticated admin to overwrite the sourceId field on Attachment entities. Because sourceId is...

9.1 CVSS, 0.005 EPSS
Exploits: 3, References: 1

CVE
added 2026/04/22 9:16 p.m., 18 views

CVE-2026-41171

Squidex (open source headless CMS): versions prior to 7.23.0 are affected by an SSRF vulnerability in the Jint HTTP client used by scripting functions (e.g., getJSON, request). An authenticated user with low privileges can force the server to make arbitrary outbound HTTP requests to attacker-contr...

8.6 CVSS, 5.9 AI score, 0.00215 EPSS
Exploits: 0, References: 2