Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: s390 – Fixed an issue with validity checks when gisa is disabled. This issue occurs when gisa is disabled either by using the kernel parameter “kvm.usegisa=0” or by setting the related sysfs attribute to N echo N...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do not recheck L1 intercepts when completing userspace I/O When completing emulation of instructions that generate a userspace exit for I/O, do not recheck L1 intercepts. This is because KVM has already completed that...

CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

CVE-2026-47107

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

EUVD-2026-30958

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from a session fixation issue in the login endpoint. This vulnerability could allow unauthenticated attackers to intercept the authentication process,...

PT-2026-41986

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.703.2 Description Incorrect default permissions in nsjail sandbox configuration files allow the /etc directory to be bind-mounted without read-write restrictions. This enables authenticated users to write arbitrary...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021491)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021491 advisory. PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorizatio...

GHSA-GQX7-6552-67HF Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client

Impact An attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects u ripukidpenc and uripukidpsig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge respons...

GHSA-5HHF-XMFX-4VVR epa4all-client: TLS Certificate Validation Disabled in Production

Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient identifiers KVNR, SMC-B card operations authentication, signing, document content, and credential...

epa4all-client: TLS Certificate Validation Disabled in Production

Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient identifiers KVNR, SMC-B card operations authentication, signing, document content, and credential...

CVE-2026-0249

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subn...

Rosemary 1.1.0

Rosemary is a cross-platform transparent tunneling platform designed for network pivoting. Unlike traditional tools that rely on TUN/TAP interfaces or require per-application proxy configuration like proxychains, Rosemary intercepts traffic at the kernel level...

PT-2026-41395

Name of the Vulnerable Software and Affected Versions epa4all-client versions prior to 1.2.2 Description An attacker positioned on the network path between the ePA service and the Konnektor can present any TLS certificate, such as self-signed, expired, or those with an incorrect Common Name CN, t...

CVE-2025-62311

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

CVE-2025-62310

HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions...

CVE-2025-62311

CVE-2025-62311 affects HCL AION. The issue involves backend service details potentially being transmitted over insecure HTTP channels, which may lead to exposure or unauthorized access during transmission under certain conditions. According to the included metrics, the CVSS3.1 base score is 4.3 (...

EUVD-2025-209854

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels.

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

CVE-2026-4031 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wpdbtempdir parameter, which controls where database backups are written. This makes it possible for...