
4105 matches found

Positive Technologies
added 2026/05/12 12:0 a.m. | 7 views

PT-2026-40442

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...

CVSS 7 | AI score 5.8 | EPSS 0.00154
Exploits 0 | References 3

Kaspersky
added 2026/05/12 12:0 a.m. | 12 views

KLA91044 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Denial of...

CVSS 9.6 | AI score 6.6 | EPSS 0.00498
Exploits 0 | References 3

Snyk
added 2026/05/11 7:16 p.m. | 5 views

Access Control Bypass

Overview: pgadmin4 is a PostgreSQL Tools. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks in the API endpoints handling user-owned objects and shared server features. An attacker can gain unauthorized access to other users' private...

CVSS 9.9 | AI score 6.1 | EPSS 0.00438
Exploits 0 | References 2

OSV
added 2026/05/11 6:31 p.m. | 2 views

GHSA-H2X2-Q2MC-24GW pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9 | AI score 6.1 | EPSS 0.00438
Exploits 0 | References 4

Github Security Blog
added 2026/05/11 6:31 p.m. | 7 views

pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9 | AI score 6.1 | EPSS 0.00438
Exploits 0 | References 4 | Affected Software 1

NVD
added 2026/05/11 4:17 p.m. | 13 views

CVE-2026-42613

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enabled and groups or access are included in the...

CVSS 9.4 | EPSS 0.00939
Exploits 0 | References 3

Cvelist
added 2026/05/11 3:24 p.m. | 28 views

CVE-2026-42613 Grav: Privilege Escalation via Missing Server-Side Validation of groups/access

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enabled and groups or access are included in the...

CVSS 9.4 | EPSS 0.00939
Exploits 0 | References 2

CVE
added 2026/05/11 3:24 p.m. | 10 views

CVE-2026-42613

Grav’s Login plugin vulnerability CVE-2026-42613 arises from missing server-side validation of attacker-controlled groups and access fields in the registration flow. Prior to 2.0.0-beta.2, if registration is enabled and groups or access are allowed in the configured fields, an unauthenticated use...

CVSS 9.4 | AI score 5.8 | EPSS 0.00939
Exploits 0 | References 3

CVE
added 2026/05/11 2:40 p.m. | 8 views

CVE-2026-34087

CVE-2026-34087 affects Wikimedia Foundation OATHAuth. The connected documents confirm the issue is an exposure of sensitive information to an unauthorized actor, with affected OATHAuth versions listed as before 1.43.7, 1.44.4, 1.45.2. The exploitation status is not provided in the sources. There ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00267
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/05/11 12:0 a.m. | 8 views

PT-2026-39623

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.15. Description: An authorization issue in server mode affects the Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fail to filter user-owned objects by the...

CVSS 9.9 | AI score 6 | EPSS 0.00438
Exploits 0 | References 9

CNNVD
added 2026/05/11 12:0 a.m. | 6 views

pgAdmin Access Control Error Vulnerability

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 contained an access control vulnerability. This vulnerability stemmed from an authorization flaw, which could allow authenticated users to access other users’...

CVSS 9.9 | AI score 5.8 | EPSS 0.00438
Exploits 0 | References 1

RedhatCVE
added 2026/05/08 10:25 p.m. | 7 views

CVE-2026-7916

An insufficient data validation flaw was found in the InterestGroups component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498720754...

CVSS 8.3 | AI score 5.7 | EPSS 0.0022
Exploits 0 | References 5

OSV
added 2026/05/08 6:32 a.m. | 3 views

GHSA-2887-F3V6-6RJF Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp

A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...

CVSS 6.1 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 3

Github Security Blog
added 2026/05/08 6:32 a.m. | 12 views

Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp

A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...

CVSS 6.1 | AI score 5.8 | EPSS 0.00149
Exploits 0 | References 3 | Affected Software 1

SUSE CVE
added 2026/05/08 2:20 a.m. | 4 views

SUSE CVE-2026-43148

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Add check for kcalloc failure in parse_thread_groups. As kcalloc may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array...

AI score 5.7 | EPSS 0.00128
Exploits 0 | References 3

Cvelist
added 2026/05/08 12:0 a.m. | 27 views

CVE-2023-42345

A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...

EPSS 0.00149
Exploits 0 | References 1

Positive Technologies
added 2026/05/08 12:0 a.m. | 6 views

PT-2026-38974

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix zero vruntime tracking fix John reported that stress-ng-yield could make his machine unhappy and managed to bisect it to commit b3d99f43c72b "sched/fair: Fix zero vruntime tracking". The combination of yield and...

AI score 5.8 | EPSS 0.00122
Exploits 0 | References 5

Positive Technologies
added 2026/05/08 12:0 a.m. | 5 views

PT-2026-38989

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: An issue exists in the Btrfs file system where qgroup ioctls do not reserve sufficient space for transaction items. Instead, they perform a transaction join, which fails to reserve space...

CVSS 8.1 | AI score 5.8 | EPSS 0.00274
Exploits 0 | References 101

Microsoft CVE
added 2026/05/07 2:0 p.m. | 4 views

Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 5.4 | AI score 5.8 | EPSS 0.00146
Exploits 0

Tenable Nessus
added 2026/05/07 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - powerpc/smp: Add check for kcalloc failure in parse_thread_groups. As kcalloc may fail, check its return value to avoid a NULL pointer dereference when passing it ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00128
Exploits 0 | References 3