19 matches found

Vulnrichment · added last week · 4 views

CVE-2026-9791 Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API, or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in...

CVSS 4.3 · AI score 5.7 · EPSS 0.00028
Exploits: 0 · References: 2
EUVD · added 2026/04/23 4:00 a.m. · 4 views

EUVD-2026-25174

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 · AI score 6.6 · EPSS 0.20441
Exploits: 7 · References: 5
Vulnrichment · added 2025/11/04 6:20 a.m. · 1 view

CVE-2025-20732

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege when OceReducedNeighborReport is disabled. User interaction is not needed for exploitation...

AI score 6.3 · EPSS 0.00011
Exploits: 0 · References: 1
Positive Technologies · added 2025/10/08 12:00 a.m. · 2 views

PT-2025-41231

Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A flaw exists in JhumanJ OpnForm up to version 1.9.3, specifically within the Form Editor component. This issue involves manipulation of the /api/open/forms/ file, leading to cross site scriptin...

CVSS 4.8 · AI score 2.5 · EPSS 0.00034
Exploits: 1 · References: 8
ICS · added 2025/03/20 12:00 a.m. · 5 views

CentralSquare eTRAKiT.Net SQL injection vulnerability

RISK EVALUATION eTRAKiT is a public online portal that provides the public with easily accessible information related to permits, projects, licenses, code compliance, land, and inspections. An SQL injection vulnerability in the CRM feature of eTRAKiT.net release 3.2.1.77 allows a remote,...

CVSS 9.8 · AI score 8.3 · EPSS 0.00517
Exploits: 0 · References: 1
CNNVD · added 2025/02/04 12:00 a.m. · 1 view

Discourse security vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as community, email, and chat rooms. Discourse suffers from a security vulnerability that stems from the fact that users may still be contacted under certain circumstances eve...

CVSS 4.3 · AI score 6.5 · EPSS 0.00218
Exploits: 0 · References: 2
Vulnrichment · added 2024/12/13 8:53 p.m. · 7 views

CVE-2024-55946 Playloom Engine Data Storage Vulnerability

Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have access to personal information you have...

CVSS 8.7 · AI score 6.9 · EPSS 0.00193
Exploits: 0 · References: 1
Citrix · added 2024/11/19 12:00 a.m. · 13 views

Netscaler Gateway: ERR_CONNECTION_RESET when Accessing Gateway Vserver

When accessing Netscaler Gateway, we see ERR_CONNECTION_RESET on the browser. Further, when we take a packet capture on Netscaler, we can see the Netscaler resetting the connection with Reset Code Window 9821. Further, on checking the reason for this reset, we can understand this is due to the SSL...

AI score 7.2
Exploits: 0
CNNVD · added 2024/09/04 12:00 a.m. · 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a SIE validity issue that may be encountered when GISA is disabled...

CVSS 5.5 · AI score 6.4 · EPSS 0.00008
Exploits: 0 · References: 5
Positive Technologies · added 2024/05/27 12:00 a.m. · 1 view

PT-2024-40103 · Osv · Osv

Name of the Vulnerable Software and Affected Versions: OSV affected versions not specified Description: The issue concerns the behavior of the "remember me" function when it is disabled by the developer. If a user had previously logged in with the "remember me" box checked, any pre-existing cooki...

CVSS 3.1 · AI score 6.8
Exploits: 0 · References: 8
Citrix · added 2023/11/29 12:00 a.m. · 4 views

App protection setup issue

Error in configuring App Protection using the following guide: https://docs.citrix.com/en-us/tech-zone/learn/poc-guides/app-protection-policies.html. When running the below commandlet to enable app protection: Set-BrokerDesktopGroup -Name Applicationprotection - $true Error is displayed saying th...

AI score 7
Exploits: 0
Prion · added 2023/01/14 1:15 a.m. · 9 views

Remote code execution

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...

CVSS 6.5 · AI score 8.9 · EPSS 0.03901
Exploits: 0 · References: 2 · Affected software: 1
Cvelist · added 2023/01/14 12:40 a.m. · 19 views

CVE-2022-41956 Autolab is vulnerable to file disclosure via remote handin feature

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature,...

CVSS 6.5 · AI score 6.8 · EPSS 0.00394
Exploits: 0 · References: 3
OSV · added 2023/01/14 12:40 a.m. · 19 views

CVE-2022-41956 Autolab is vulnerable to file disclosure via remote handin feature

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature,...

CVSS 6.5 · AI score 6.5 · EPSS 0.00394
Exploits: 0 · References: 5
Positive Technologies · added 2021/11/26 12:00 a.m. · 2 views

PT-2021-20956 · Hitachi Energy · Rtu500 Series Cmu Firmware

Name of the Vulnerable Software and Affected Versions: Hitachi Energy RTU500 series CMU Firmware version 12.0. Hitachi Energy RTU500 series CMU Firmware version 12.2. Hitachi Energy RTU500 series CMU Firmware version 12.4. Description: The issue is related to an Improper Input Validation...

CVSS 7.5 · AI score 7.3 · EPSS 0.00367
Exploits: 0 · References: 5
Microsoft KB · added 2020/11/02 12:00 a.m. · 2 views

Windows 10 update history

Windows 10 update history. Updates for Windows 10 initial version released July 2015. Windows 10 is a service, which means it gets better through periodic software updates. The great news is you usually don't have to do anything! If you have enabled automatic updates, new updates will automatically...

CVSS 9 · AI score 9.3 · EPSS 0.00661
Exploits: 0
Debian · added 2018/06/28 8:07 p.m. · 19 views

[SECURITY] [DLA 1404-1] lava-server security update

Package : lava-server Version : 2014.09.1-1+deb8u1 CVE ID : CVE-2018-12564 CVE-2018-12564 Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver and consists of valid yaml. So with this patch the feature is disabled...

CVSS 6.5 · AI score 7 · EPSS 0.00308
Exploits: 0
OSV · added 2016/01/14 3:31 p.m. · 6 views

SUSE-SU-2016:0119-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client's private key through the roaming feature (bsc#961642) - CVE-2016-0778: A malicious or compromised server could trigger a...

CVSS 8.1 · AI score 7.4 · EPSS 0.71658
Exploits: 3 · References: 5
Cvelist · added 2015/07/14 5:00 p.m. · 21 views

CVE-2015-1936

The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter...

AI score 7.2 · EPSS 0.00311
Exploits: 0 · References: 3