78 matches found
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 9.4.0 through 9.4.46, and 10.0.0 through 10.0.9, as well as 11.0.0 through 11.0.9, the parsing of the authority segment of an http scheme URI causes the Jetty HttpURI class to incorrectly detect an invalid input as a hostname. This can lead to failures in a Proxy scenari...
MINI-PPWM-GP46-RXV7
Bulletin has no description...
SUSE SLES15 Security Update : kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:2158-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2158-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes various security issues The following security issues were fixed: ...
GHSA-2XF4-CG6J-VHGQ symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form
Description symfony/polyfill-intl-idn provides a userland implementation of idntoutf8 and idntoascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...
Astra Linux – Vulnerability in binutils
A vulnerability has been discovered in GNU Binutils 2.45. The affected element is the function elfswapshdr in the bfd/elfcode.h library of the Linker component. Manipulation of this function leads to a heap-based buffer overflow. This attack must be carried out locally. The exploit has been...
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Google has made Device Bound Session Credentials DBSC generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in a...
CVE-2026-39415
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...
EUVD-2026-20603
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...
CVE-2026-22735
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...
Unity Linux 20.1070a Security Update: binutils (UTSA-2026-006232)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006232 advisory. A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The...
CVE-2025-69644
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless...
CVE-2025-69649
GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...
PT-2026-7473
Name of the Vulnerable Software and Affected Versions cryptography versions prior to 46.0.5 Description The public key from numbers or EllipticCurvePublicNumbers.public key, EllipticCurvePublicNumbers.public key, load der public key, and load pem public key functions do not validate that the...
CVE-2026-21946
...
CVE-2026-23626 Kimai Vulnerable to Authenticated Server-Side Template Injection (SSTI)
Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy DefaultPolicy that allows arbitrary method calls on objects available in the template context. An authenticated user with...
Astra Linux – Vulnerability in binutils
A vulnerability was identified in GNU Binutils 2.45. The function getlinkhashentry in the bfd/elflink.c file of the Linker component is affected by this vulnerability. This manipulation causes an out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed...
binutils: GNU Binutils Linker heap-based overflow
A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...
CVE-2025-71063
Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...
CVE-2023-31133
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...
binutils: GNU Binutils Linker heap-based overflow
A head based buffer overflow flaw has been discovered in GNU bin utilities. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally...