FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the reliance on static MD5 hashes for the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013305 advisory. The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 Double-Hash...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011401)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011401 advisory. In the Linux kernel, the following vulnerability has been resolved: orangefs: fix xattr related buffer overflow... Willy Tarreau forwarded me a message from Disclosu...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011144)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011144 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix memory leak in ath11kpeerrxfragsetup cryptoallocshash allocates resources, whic...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007058)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007058 advisory. In the Linux kernel, the following vulnerability has been resolved: ftrace: Also allocate and copy hash for reading of filter files Currently the reader of...

PT-2026-33992

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP KEY, which is exposed ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010727)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010727 advisory. The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 Double-Hash...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013283)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013283 advisory. In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. Tenable has extracted th...

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:1478-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1478-1 advisory. Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism...

Quantum Computers Are Not a Threat to 128-bit Symmetric Keys

The advancing threat of cryptographically-relevant quantum computers has made it urgent to replace currently-deployed asymmetric cryptography primitives—key exchange ECDH and digital signatures RSA, ECDSA, EdDSA—which are vulnerable to Shor’s quantum algorithm. It does not, however, impact existi...

SUSE-SU-2026:1478-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

CLSA-2026-1776673982 binutils: Fix of 2 CVEs

CVE-2026-3441: heap OOB read via XTYLD xscnlen csect index - CVE-2026-3442: OOB read on rsymndx before symhashes indexing...

Exploit for Improper Certificate Validation in Wolfssl

CVE-2026-5194 - Security Vulnerability Quick Usage bas...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-40164)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40164 advisory. - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, j...

Cross-Site Request Forgery (CSRF)

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to weak CSRF token validation relying on hash collisions in String.hashCode, which allows an attacker to forge requests with colliding tokens and perform unauthorized actions without the victim’s consent...

SUSE CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

Cross-site Request Forgery (CSRF)

Overview org.pac4j:pac4j-core is a pac4j is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF d...

EUVD-2026-23421

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...