CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

EUVD-2026-33455

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

PT-2026-45088

Name of the Vulnerable Software and Affected Versions Simple History versions prior to 5.26.1 Description The Simple History plugin for WordPress allows authenticated users with Subscriber-level permissions or higher to take over accounts. The issue exists in the event reaction endpoints...

CVE-2026-32235

An allowlist bypass flaw has been discovered in the npm @backstage/plugin-auth-backend package. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass th...

CVE-2026-32235

Summary of CVE-2026-32235 (Backstage plugin-auth-backend) : The experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass before version 0.27.1. When experimental Dynamic Client Registration or Client ID Metadata Documents are enabled and allowe...

CVE-2026-32235 @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass

Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...

CVE-2026-32235

Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...

Open Redirect

Overview @backstage/plugin-auth-backend is an A Backstage backend plugin that handles authentication Affected versions of this package are vulnerable to Open Redirect via the OAuth redirect URI validation bypass. An attacker can intercept authorization codes by crafting a redirect URI that bypass...

CVE-2026-27468

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

OPENSUSE-RU-2026:20161-1 Recommended update for hauler

This update for hauler fixes the following issues: Changes in hauler: - Update to version 1.4.1 bsc1256546, CVE-2026-22772: fixed typos for containerd imports 493 fix and support containerd imports of hauls 492 bump github.com/sigstore/fulcio 489 - Update to version 1.4.0: added/updated logging f...

Security update for alloy

This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251509. CVE-2025-47913: golang.org/x/crypto: early client process termination...

EUVD-2020-18698

Malware in sbrugna...

EUVD-2023-43064

Malicious code in bioql PyPI...

EUVD-2023-34968

Malicious code in bioql PyPI...

SUSE-SU-2024:4300-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: - CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856 Other fixes: - Updated to 20.18.1: Experimental Network Inspection Support in Node.js Exposes X509VFLAGPARTIALCHAIN to tls.createSecureContext New...

SUSE-SU-2024:0643-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.11.1: security updates CVE-2024-21892: Code injection and privilege escalation through Linux capabilities bsc1219992. CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks...

Tuesday June 20 2023 Security Releases

Tuesday June 20 2023 Security Releases Update 20-June-2023 Security releases available Updates are now available for all supported Node.js release lines for the following issues. OpenSSL Security updates This security release includes the following OpenSSL security updates OpenSSL security adviso...