CVE-2026-25742

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

Do not get high(jacked) off your own supply (chain)

In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a "chaos-as-a-service" group that injected...

CVE-2026-35216

Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution RCE on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the...

CVE-2026-23460

In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...

UBUNTU-CVE-2026-23454

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in manahwcdestroychannel by reordering teardown A potential race condition exists in manahwcdestroychannel where hwc-callerctx is freed before the HWC's Completion Queue CQ and Event Queue EQ are...

UBUNTU-CVE-2026-23460

In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...

CVE-2026-25118 immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums

immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...

CVE-2026-23460

CVE-2026-23460 (Linux kernel) affects the Rose (net/rose) path. The bug occurs when a second connect() is issued while a first connect is in progress (state TCP_SYN_SENT); rose_get_neigh() may return NULL, leaving rose->state ROSE_STATE_1 with neighbour NULL, and on socket close rose_transmit_...

CVE-2026-23442

The CVE-2026-23442 issue affects the Linux kernel’s IPv6 SRv6 handling. Specifically, __in6_dev_get() may return NULL when a device has no IPv6 configuration (e.g., MTU too small or after NETDEV_UNREGISTER), which could lead to NULL pointer dereferences in seg6_hmac_validate_skb() and ipv6_srh_rc...

CVE-2026-35540

A flaw was found in Roundcube Webmail. Insufficient sanitization of Cascading Style Sheets CSS in HTML e-mail messages may allow a remote attacker to perform Server-Side Request Forgery SSRF or disclose sensitive information. This can occur if malicious stylesheet links within an e-mail point to...

JLSEC-2026-36

Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's...

JLSEC-2026-48

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

JLSEC-2026-29

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...

JLSEC-2026-30

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

JLSEC-2026-26

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportuni...

GHSA-W846-74JR-76CV Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

CVE-2026-35543

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content with animate attributes in an e-mail message. This may lead to information disclosure or access-control bypass...

GHSA-JFQX-FXH3-C62J Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...

Unquoted Search Path or Element

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Unquoted Search Path or Element in the app.setLoginItemSettings function on Windows when the executable pat...

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...