CVE-2026-9371

CVE-2026-9371 affects ItzCrazyKns Vane up to 1.12.1, specifically the API route.ts functionality where a missing authentication check exists. The vulnerability arises from missing authentication in that component, enabling remote manipulation. The issue is described as having a high attack comple...

CVE-2026-7844

CVE-2026-7844 concerns the chatchat-space Langchain-Chatchat project up to version 0.3.1.3. The vulnerability resides in the Compatible File Service, specifically the function set in libs/chatchat-server/chatchat/server/api_server/openai_routes.py (delete_file, as well as related file endpoints l...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ath11k: pci: fix crash on suspend if board file is not found Mario reported that the kernel was crashing on suspend if ath11k was not able to find a board file: 473.693286 PM: Suspending system s2idle 473.693291 printk: Suspendin...

CLSA-2026-1777313322 vim: Fix of 3 CVEs

CVE-2021-4173: fix double free in Vim9 nested :def function definition - CVE-2022-3352: fix use-after-free when SpellFileMissing autocmd deletes the current buffer during spell file loading - CVE-2022-2343: fix heap buffer overflow in inscompladdinfercase when completing a long line with...

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

Failing Open

Overview Affected versions of this package are vulnerable to Failing Open in plugin installation, when signature verification is required, but the .prov file is missing. An attacker can execute arbitrary code by providing a malicious plugin archive that omits provenance data, thereby bypassing...

Linux Distros Unpatched Vulnerability : CVE-2026-27586

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS clie...

UBUNTU-CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVE-2026-27586

Summary (CVE-2026-27586): Caddy prior to 2.11.1 has two swallowed errors in ClientAuthentication.provision() that cause mTLS client authentication to silently fail open when the CA certificate file is missing, unreadable, or malformed. The server starts and accepts client certs signed by any syst...

CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

CVE-2026-25725

CVE-2026-25725 affects Claude Code prior to 2.1.2, where the bubblewrap sandbox failed to protect the .claude/settings.json file if it did not exist at startup. The parent directory was writable and .claude/settings.local.json was protected, but settings.json could be created inside the sandbox a...

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

EUVD-2000-0884

Malware in sbrugna...

Improper Check or Handling of Exceptional Conditions

Overview datahihi1/tiny-env is a simple environment variable loader for PHP applications Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions due to the loading of environment variables without requiring the .env file to exist. An attacker can...

CVE-2025-58758 TinyEnv: Missing .env file not required — may cause unexpected behavior

TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration,...

PT-2025-36952

Name of the Vulnerable Software and Affected Versions: TinyEnv versions 1.0.1 through 1.0.2 TinyEnv versions 1.0.9 through 1.0.10 Description: TinyEnv did not require the .env file to exist when loading environment variables. This could lead to unexpected behavior where the application silently...

Linux Distros Unpatched Vulnerability : CVE-2022-34009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fossil 2.18 on Windows allows attackers to cause a denial of service daemon crash via an XSS payload in a ticket. This occurs because the ticket data is stored ...

Linux Distros Unpatched Vulnerability : CVE-2024-1351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to...

Linux Distros Unpatched Vulnerability : CVE-2024-26147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin...