73991 matches found
OpenUI 安全漏洞
OpenUI is an open-source UI program developed byWeights & Biases. Versions of OpenUI 1.0 and earlier contained security vulnerabilities, which were caused by incorrect handling of parameter keys, potentially leading to information leakage through error messages...
Linux Distros Unpatched Vulnerability : CVE-2026-23305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocketprobe When rocketcoreinit fails as could ...
Linux Distros Unpatched Vulnerability : CVE-2026-23399
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nftables: nftdynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFPATOMIC fails, then t...
EUVD-2026-16232
Kirby CMS has Persistent DoS via Malformed Image Upload...
GHSA-CW7V-45WM-MCF2 Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload
Duplicate Advisory This advisory has been withdrawn because it is been determined to not be a vulnerability. This link is maintained to preserve external references. Original Description Summary Kirby CMS through version 5.1.4 allows an authenticated user with Editor permissions to cause a...
Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload
Duplicate Advisory This advisory has been withdrawn because it is been determined to not be a vulnerability. This link is maintained to preserve external references. Original Description Summary Kirby CMS through version 5.1.4 allows an authenticated user with Editor permissions to cause a...
Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Summary When a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. The runtime then immediately invokes the result as a function, causing an unhandled TypeError: ... is not ...
SUSE-SU-2026:1136-1 Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.25 fixes various security issues The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the plugins privilege validation. An attacker can gain unauthorized access to sensitive plugin privileges by installing a malicious plugin that exploits the privilege comparison logic. - Remediation Upgrade...
CVE-2026-33758
A flaw was found in OpenBao. Installations that have an OIDC/JWT authentication method enabled with a role configured to use callbackmode=direct are vulnerable to XSS via the errordescription parameter on the page for a failed authentication. This allows an attacker to access the token used by an...
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Summary An issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions. 1. ecdsa.der.removeoctetstring accepts truncated DER where the encoded length exceeds the available buffer. For example, an OCTET STRING that declares a length of 40...
GHSA-VVXM-VXMR-624H Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Summary An unsanitised filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including the server's absolute DATADIR path — is returned verbatim in the HTTP 400 response body, confirming information...
CVE-2026-33758
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...
Security update for redis
This update for redis fixes the following issue: a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:1122-1 Security update for redis
This update for redis fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706...
CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...
CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...
CVE-2026-33758
CVE-2026-33758 affects OpenBao before 2.5.2. When OIDC/JWT auth is enabled and a role has callback_mode=direct, an XSS flaw exists in the error_description parameter during failed authentication, enabling access to the token used in the Web UI. The issue is fixed in v2.5.2; mitigation is to remov...
CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...
OESA-2026-1780 python-pyasn1 security update
Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...