274 matches found

EUVD
added 2026/05/11 6:31 p.m., 6 views

EUVD-2026-29116

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

CVSS 8.1, AI score 5.8, EPSS 0.0003
Exploits: 1, References: 4

Cvelist
added 2026/05/11 12:00 a.m., 26 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

EPSS 0.0003
Exploits: 1, References: 3

Positive Technologies
added 2026/05/11 12:00 a.m., 6 views

PT-2026-39656

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

CVSS 8.1, AI score 5.8, EPSS 0.0003
Exploits: 1, References: 4

Vulnrichment
added 2026/05/11 12:00 a.m., 3 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

AI score 5.8, EPSS 0.0003
Exploits: 1, References: 3

ATTACKERKB
added 2026/05/11 12:00 a.m., 7 views

CVE-2026-38568

HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/ and /interview/ endpoints. The route handlers retrieve records by the user-supplied ID without verifying that the requesting user is the owner or has an authoriz...

AI score 5.8, EPSS 0.0003
Exploits: 1, References: 4

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fixed strbuf array overflow issue. The values of the variables xres and yres are stored in strbuf. These variables are derived from strbuf1. The strbuf1 array contains digit characters; if the array contains non-dig...

CVSS 7.8, AI score 6.4, EPSS 0.00013
Exploits: 0, References: 2

RedhatCVE
added 2026/05/01 10:58 p.m., 3 views

CVE-2026-31767

A flaw was found in the drm/i915/dsi module of the Linux kernel. Incorrect horizontal timing adjustments for Display Stream Compression DSC in command mode can lead to a division-by-zero error. This occurs when the adjusted horizontal total htotal becomes too small, causing the kernel to crash wh...

CVSS 5.5, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 4

Cvelist
added 2026/05/01 2:14 p.m., 27 views

CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Stop adjusting the horizontal timing values based on the compression ratio in command mode. Bspec seems to be telling us to do this only in video mode, and...

EPSS 0.00015
Exploits: 0, References: 4

CVE
added 2026/05/01 2:14 p.m., 6 views

CVE-2026-31767

Summary: CVE-2026-31767 relates to the Linux kernel DRM/i915/dsi path and fixes an issue where DSC horizontal timing adjustments were applied in command mode, potentially causing a div-by-zero when calculating vtotal. The underlying fix prevents adjusting htotal based on compression ratio in comm...

CVSS 5.5, AI score 5.7, EPSS 0.00015
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE
added 2026/03/26 3:03 p.m., 2 views

CVE-2026-3999

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVSS 8.8, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

EUVD
added 2026/03/13 9:31 p.m., 4 views

EUVD-2026-11772

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVSS 8.8, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

NVD
added 2026/03/13 7:55 p.m., 3 views

CVE-2026-3999

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVSS 8.8, EPSS 0.00019
Exploits: 0, References: 1

Vulnrichment
added 2026/03/13 8:38 a.m., 1 view

CVE-2026-3999 Broken access control vulnerability affecting ID Server

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVSS 8.8, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

CVE
added 2026/03/13 8:38 a.m., 6 views

CVE-2026-3999

CVE-2026-3999 describes a broken access control vulnerability that can enable an authenticated user to perform horizontal privilege escalation in certain configurations of the ID Server. The CVSS 4.0 metrics indicate high impact on confidentiality and integrity, with privilege level Low and no us...

CVSS 8.8, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/13 8:38 a.m., 3 views

CVE-2026-3999

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVSS 8.8, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 2

CNNVD
added 2026/03/13 12:00 a.m., 3 views

Pointsharp ID Server security vulnerability

Pointsharp ID Server is an identity and access management server provided by the Swedish company Pointsharp. There is a security vulnerability present in Pointsharp ID Server, which stems from improper access control mechanisms. This vulnerability may lead to the escalation of permissions...

CVSS 8.8, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

Positive Technologies
added 2026/03/13 12:00 a.m., 3 views

PT-2026-25162

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVSS 8.8, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

Ubuntu
added 2026/03/09 9:24 a.m., 8 views

USN-8018-2: Python regression

USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior regressions in IMAP and POP3 handling, which upstream chose to avoid by not backporting them. Additionally, the patch for CVE-2026-0865 incorrectly...

CVSS 5.9, AI score 7.2, EPSS 0.0017
Exploits: 0, References: 1

NVD
added 2026/02/27 5:16 p.m., 6 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request ($pid = $_REQUEST['pid'] ?? $pid and $pid = $_REQUEST['hiddenpatientcode'] ?? null 0 ?...

CVSS 7.1, EPSS 0.00132
Exploits: 1, References: 2

RedhatCVE
added 2026/02/27 4:13 a.m., 2 views

CVE-2026-27954

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

CVSS 7.1, AI score 5.3, EPSS 0.00036
Exploits: 0, References: 1