73993 matches found
CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...
CVE-2026-33758
CVE-2026-33758 affects OpenBao before 2.5.2. When OIDC/JWT auth is enabled and a role has callback_mode=direct, an XSS flaw exists in the error_description parameter during failed authentication, enabling access to the token used in the Web UI. The issue is fixed in v2.5.2; mitigation is to remov...
CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...
OESA-2026-1780 python-pyasn1 security update
Abstract Syntax Notation One ASN.1 is a technology for exchanging structured data in a universally understood, hardware agnostic way. Many industrial, security and telephony applications heavily rely on ASN.1. The pyasn1 library implements ASN.1 support in pure-Python. Security Fixes: The pyasn1...
OESA-2026-1773 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...
OESA-2026-1734 pyOpenSSL security update
pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...
CVE-2026-4340
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
CLSA-2026-1774611572 expat: Fix of CVE-2026-32778
CVE-2026-32778: fix NULL pointer dereference in setContext on retry after earlier out-of-memory...
SUSE CVE-2019-16227
An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursorinit1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...
sqli
SQL Injection Write-up 🧪 1. Průzkum Do vyhledávacího pole...
SUSE-SU-2026:1102-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues The following security issues were fixed: - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handleauthsessionkey bsc1255378. - CVE-2025-68285: libceph: fix potential use-after-free...
CVE-2026-29905
Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service DoS via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize function. When the system attempts to process this file for...
SUSE-SU-2026:1099-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. - CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...