CVE-2026-31946 OpenOLAT: Authentication bypass via forged JWT in OIDC implicit flow
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
CVE-2026-31946
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. From version 10.5.4 to before version 20.2.5, OpenOLAT's OpenID Connect implicit flow implementation does not verify JWT signatures. The JSONWebToken.parse method silently discards the...
PT-2026-29122
Name of the Vulnerable Software and Affected Versions: OpenOlat versions 10.5.4 through 20.2.4. Description: OpenOlat is a web-based e-learning platform. The OpenID Connect implicit flow implementation does not verify JSON Web Token (JWT) signatures. The JSONWebToken.parse method discards the signatur...
Authentication Bypass by Primary Weakness
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the SOAP API due to improper type checking on the password parameter. An attacker can gain unauthorized access to user accounts by sending a crafted...
CVE-2026-32129 Poseidon V1 variable-length input collision via implicit zero-padding
soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......
CVE-2026-32129
The CVE-2026-32129 entry concerns soroban-poseidon PoseidonSponge (Poseidon V1) used in Soroban smart contracts. It states that PoseidonSponge accepts variable-length inputs without injective padding, and when inputs.len() k yields the same pre-permutation state as hashing [m1,...,mk,0], making ...
Two Frames Matter: A Temporal Attack for Text-To-Video Model Jailbreaking
Recent text-to-video T2V models can synthesize complex videos from lightweight natural language prompts, raising urgent concerns about safety alignment in the event of misuse in the real world. Prior jailbreak attacks typically rewrite unsafe prompts into paraphrases that evade content filters...
CVE-2024-34680
Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information...
CVE-2024-34636
Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information...
CVE-2025-14731
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CTParser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a...
openSUSE 16 Security Update : binutils (openSUSE-SU-2025:20150-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20150-1 advisory. Changes in binutils: - Update to current 2.45 branch at 94cb1c075 to include fix for PR33584 a problem related to LTO vs fortran COMMON blocks. ...
SUSE-SU-2025:4096-1 Security update for binutils
This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: New versioned release of libsframe.so.2 s390: tools now support SFrame format 2; recognize 'z17' as CPU name bsc1247105, jscIBM-1485 sframe sections are n...
CLSA-2025-1763032400 mod_jk: Fix of CVE-2023-41081
CVE-2023-41081: fix authentication bypass by removing implicit mapping functionality in mod_jk...
EUVD-2025-104588
Malicious code in implicitflyingfishz3n npm...
EUVD-2025-104589
Malicious code in implicitboarz3n npm...
EUVD-2025-91155
Malicious code in implicitvicunaz3n npm...
kernel: RDMA/mlx5: Fix implicit ODP use after free
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free. Prevent double queueing of implicit ODP mr destroy work by using __xa_cmpxchg() to make sure this is the only time we are destroying this specific mr. Without this change, we could try to...
EUVD-2025-76599
Malicious code in implicitamphibian-apptea npm...