CVE-2026-43983
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, the createTokenFromRefreshToken function in oidc_service.go validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state befor...
EUVD-2026-29482
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, the createTokenFromRefreshToken function in oidc_service.go validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state befor...
PT-2026-40035
Name of the Vulnerable Software and Affected Versions: Pocket ID versions prior to 2.6.0. Description: The createTokenFromRefreshToken function in oidc_service.go validates the cryptographic integrity of refresh tokens but fails to re-verify the user's current authorization state before issuing new...
PT-2026-39035
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A use-after-free issue exists in the Linux kernel within the remove_nh_grp_entry function. The system publishes a new group using rcu_assign_pointer and immediately frees the removed...
Linux Distros Unpatched Vulnerability : CVE-2026-43374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry publishes the new group via rcu_assign_pointer...
CVE-2026-41128 Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action
Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the actionSavePermissions endpoint allows a user with only viewUsers permission to remove arbitrary users from all user groups. While saveUserGroups enforces per-group authorization for additions, it performs no...
CVE-2026-39335
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...
EUVD-2026-19812
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1...
EUVD-2024-2296
Malicious code in bioql PyPI...
DEBIAN-CVE-2023-53187
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of new block group that became unused If a task creates a new block group and that block group becomes unused before we finish its creation, at btrfs_create_pending_block_groups, then when btrfs_mark_bg_unused ...
PT-2025-33307
Name of the Vulnerable Software and Affected Versions: AIDE versions 0.13 through 0.19.1 Description: AIDE, an advanced intrusion detection environment, contains a null pointer dereference issue. An attacker can crash the program during report printing or database listing after setting extended...
CVE-2025-49845
Discourse has a vulnerability (CVE-2025-49845) where users on versions prior to 3.4.6 (stable) or 3.5.0.beta8-dev (tests-passed) can still view their own whispers after losing visibility to posts typed whisper. The issue is fixed in 3.4.6 and 3.5.0.beta8-dev. No publicly provided workarounds are ...
CVE-2023-53052
In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker The UAF bug occurred because we were putting DFS root sessions in cifs_umount while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons ...
DEBIAN-CVE-2023-53052
In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker The UAF bug occurred because we were putting DFS root sessions in cifs_umount while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons ...
UBUNTU-CVE-2025-22083
In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between them, we can hit multiple bugs found by Haoran Zhang: 1. Use-after-free...
SUSE CVE-2025-23208
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list, so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...
CVE-2022-48895
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...