Improper Access Control
github.com/1panel-dev/1panel is vulnerable to improper access control. The vulnerability is due to trusting all proxy IPs in Gin’s default configuration, which allows an attacker to spoof the X-Forwarded-For header and bypass IP-based security controls...
wger has Broken Access Control in Global Gym Configuration Update Endpoint
Summary: wger exposes a global configuration edit endpoint at /config/gym-config/edit implemented by GymConfigUpdateView. The view declares permission_required = 'config.change_gymconfig' but does not enforce it because it inherits WgerFormMixin ownership-only checks instead of the project’s...
CVE-2026-40504 Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign t...
Cross-site Scripting (XSS)
Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the jsxAttr and JSX attribute rendering paths in src/jsx/jsx-runtime.ts, src/jsx/base.ts, and src/jsx/dom/render.ts. An attacker can inject executable markup ...
[SECURITY] Fedora 43 Update: cef-146.0.11^chromium146.0.7680.177-2.fc43
CEF is an embeddable build of Chromium, powered by WebKit Blink...
LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation
Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...
RHEL 9 : .NET 9.0 (RHSA-2026:8474)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8474 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Security Updates for Microsoft .NET Framework (February 2026)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-55248 Note that...
RHEL 8 : .NET 10.0 (RHSA-2026:8473)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8473 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
MCP Framework Security Vulnerability
MCP Framework is a TypeScript framework developed by Alex Andru as a building block for context protocols. Versions of the MCP Framework prior to 0.2.21 contained security vulnerabilities. These vulnerabilities stemmed from the readRequestBody function in HTTP transmissions, which concatenated th...
Always-Incorrect Control Flow Implementation
Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...
GHSA-XMJ9-7625-F634 Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache
Affected Components: DSF FHIR Server with enabled bearer-token authentication or back-channel logout; DSF BPE Server with enabled bearer-token authentication or back-channel logout; DSF BPE Server API v2 process plugins using FHIR client connections with configured OIDC authentication. Summa...
Data Sharing Framework is Missing Session Timeout for OIDC Sessions
Affected Components: DSF FHIR Server with enabled OIDC authentication; DSF BPE Server with enabled OIDC authentication. Summary: OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact: If...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the DSF FHIR and BPE Servers with enabled OIDC authentication due to the lack of session timeout enforcement in OIDC browser sessions. An attacker can gain unauthorized access to a user's session by...
aero.m-click:mcpdf (>=0.2.3 <=0.2.10), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +20634 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk15on (>=1.49 <=1.70)
org.bouncycastle:bcpkix-jdk15on MAVEN version =1.49, =0.2.3, =4.4.0.0, =0.1.12, =0.1.2, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.3.0, =0.3.1-rc2 and more Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...
VeriCWEty: Embedding Enabled Line-Level CWE Detection in Verilog
Large Language Models (LLMs) have shown significant improvement in RTL code generation. Despite the advances, the generated code is often riddled with common vulnerabilities and weaknesses (CWEs) that can slip by untrained eyes. Attackers can often exploit these weaknesses to fulfill their nefarious...
EUVD-2026-22404
Microsoft Security Advisory CVE-2026-26171 – .NET Denial of Service Vulnerability...
EUVD-2026-22635
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability...
Microsoft Security Advisory CVE-2026-33116 – .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in System.Security.Cryptography.Xml. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in...
EUVD-2026-22562
Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability...