407 matches found

NVD
added 3 days ago | 6 views

CVE-2026-57520

Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...

CVSS 7.1 | EPSS 0.00262
Exploits: 1 | References: 5

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: shaper: Protection against late creation of hierarchies. We retrieve the netdev during the preparation of Netlink operations before callbacks. We then take a reference to it. Later, within the body of the callback, we acquir...

CVSS 5.5 | AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in xorg-server

A flaw was discovered in the X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can lead to a heap buffer overflow condition, which may result in an application...

CVSS 7.8 | AI score 7.4 | EPSS 0.0142
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: UDF: Detection of system inodes linked into the directory hierarchy. When the UDF filesystem is corrupted, hidden system inodes may be linked into the directory hierarchy. This can lead to further serious corruption of the...

AI score 5.4 | EPSS 0.00202
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cgroup: Split cgroup_destroy_wq into 3 workqueues. A hang can occur during LTP cgroup testing when repeatedly mounting/unmounting perf_event and net_prio controllers with systemd.unified_cgroup_hierarchy=1. The hang manifests in...

CVSS 5.5 | AI score 6.8 | EPSS 0.00134
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop a new packet when sch->limit == 0. Expected behavior: If the scheduler’s limit is reached, pfifo_tail_enqueue will drop a packet from the scheduler’s queue and decrease the scheduler’s qlen by one. Then,...

CVSS 7.8 | AI score 6.2 | EPSS 0.00256
Exploits: 0 | References: 2

NVD
added 2026/06/12 1:16 p.m. | 12 views

CVE-2026-47197

Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

CVSS 7.2 | EPSS 0.00228
Exploits: 0 | References: 2

EUVD
added 2026/06/12 11:52 a.m. | 8 views

EUVD-2026-36414

Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

CVSS 7.2 | AI score 5.2 | EPSS 0.00228
Exploits: 0 | References: 2

Cvelist
added 2026/06/12 11:52 a.m. | 29 views

CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands

Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

CVSS 7.2 | EPSS 0.00228
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/12 11:52 a.m. | 8 views

CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands

Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...

CVSS 7.2 | AI score 5.3 | EPSS 0.00228
Exploits: 0 | References: 2

CVE
added 2026/06/12 11:52 a.m. | 30 views

CVE-2026-47197

CVE-2026-47197 concerns the Quest Bot for Discord. Before version 1.1.6, a moderator who has the relevant Discord permission can use the bot to moderate users who are higher in the Discord role hierarchy, provided the bot itself outranks the target. This bypasses Discord’s normal role hierarchy p...

CVSS 7.2 | AI score 5.3 | EPSS 0.00228
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/12 12:00 a.m. | 14 views

PT-2026-48860

Name of the Vulnerable Software and Affected Versions Quest Bot versions prior to 1.1.6 Description A moderator possessing the necessary Discord permission bit can utilize the bot to perform moderation actions on users who are higher in the Discord role hierarchy, provided the bot itself has a...

CVSS 7.2 | AI score 5.3 | EPSS 0.00228
Exploits: 0 | References: 6

CNNVD
added 2026/06/11 12:00 a.m. | 6 views

VMware Spring for GraphQL Access Control Error Vulnerability

VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0 and earlier, 1.4.0 and earlier, 1.3.0 and earlier, as well as 1.0.0 and earlier, have an access control vulnerability. This...

CVSS 7.5 | AI score 5.4 | EPSS 0.00352
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/11 12:00 a.m. | 12 views

PT-2026-48627

Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.0.0 through 1.0.6 Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description The annotation detection mechanism for...

CVSS 7.5 | AI score 5.5 | EPSS 0.00352
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/29 12:00 a.m. | 11 views

PT-2026-45061

Summary The Platform server exposes resources under /api/v1/workspaces/workspace id/... and protects them with a require workspace memberworkspace id FastAPI dependency. The dependency only checks that the caller is a member of the workspace id in the URL prefix. The route handlers then look up t...

CVSS 9.4 | AI score 5.6 | EPSS 0.00043
Exploits: 0 | References: 3

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - Vulnerability in linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: fbdev: Fixed the issue of unregistering framebuffers without a device. Framebuffers in OF do not have an underlying device in the Linux device hierarchy. Instead of hot-unplugging such non-existent devices, a regular unregister...

CVSS 5.5 | AI score 6.5 | EPSS 0.0024
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/05/19 12:00 a.m. | 10 views

Malicious code in @antv/hierarchy (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

AI score 5.8
Exploits: 0 | References: 4

Snyk
added 2026/05/18 9:00 p.m. | 9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 3

vulnersOsv
added 2026/05/18 9:00 p.m. | 4 views

1g6table (=0.1.0), 7qb (=0.0.17) +1705 more potentially affected by unknown CVE via @antv/hierarchy (>=0.1.2 <=0.7.1)

@antv/hierarchy NPM version =0.1.2, =1.1.0, =1.0.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.1.43, =5.0.48, =0.1.0, =0.5.0-alpha.0, =0.5.1-alpha.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVHIERARCHY-16755057...

AI score 5.5
Exploits: 0

vulnersOsv
added 2026/05/18 9:00 p.m. | 6 views

1g6table (=0.1.0), 7qb (=0.0.17) +1705 more potentially affected by unknown CVE via @antv/hierarchy (>=0.1.2 <=0.7.1)

@antv/hierarchy NPM version =0.1.2, =1.1.0, =1.0.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.1.43, =5.0.48, =0.1.0, =0.5.0-alpha.0, =0.5.1-alpha.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVHIERARCHY-16754885...

AI score 5.5
Exploits: 0