
11 matches found

Cvelist
added 2026/06/02 8:31 p.m., 32 views

CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

CVSS 8.8 | EPSS 0.0025
Exploits: 1 | References: 1

Cvelist
added 2026/02/18 2:53 p.m., 21 views

CVE-2025-71230 hfs: ensure sb->s_fs_info is always cleaned up

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is always cleaned up. When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock has been allocated by...

EPSS 0.00117
Exploits: 0 | References: 3

UbuntuCve
added 2026/01/05 10:15 a.m., 3 views

CVE-2025-68755

In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e "staging: most: remove device from...

AI score 5.7 | EPSS 0.00157
Exploits: 0 | References: 24

Microsoft CVE
added 2025/09/04 6:19 a.m., 2 views

xfrm: interface: fix use-after-free after changing collect_md xfrm interface

...

CVSS 7.8 | AI score 6.8 | EPSS 0.0014
Exploits: 0

CVE
added 2025/08/22 12:0 a.m., 14 views

CVE-2022-43110

CVE-2022-43110 affects Voltronic Power ViewPower up to 1.04-21353 and PowerShield Netguard up to 1.04-23292. An unauthenticated remote attacker can configure the system via an unspecified web interface, including changing the web admin password, viewing/changing system configuration, enumerating ...

CVSS 9.8 | AI score 7.1 | EPSS 0.00616
Exploits: 0 | References: 2

CNNVD
added 2025/04/08 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly saving host FPSIMD/SVE/SME state, which could lead to a QEMU crash or ptrace ABI change...

CVSS 5.5 | AI score 6.4 | EPSS 0.00162
Exploits: 0 | References: 5

OSV
added 2024/05/17 12:15 p.m., 4 views

UBUNTU-CVE-2024-27410

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data i...

CVSS 5.5 | AI score 6.1 | EPSS 0.00247
Exploits: 0 | References: 23

Kaspersky
added 2019/10/08 12:0 a.m., 25 views

KLA11576 Spoofing vulnerability in Microsoft Dynamics

A cross-site-scripting XSS vulnerability was found in Microsoft Dynamics. Malicious users can exploit remotely via specially crafted web request to spoof user interface. Original advisories CVE-2019-1375 Related products Microsoft-Dynamics-365 CVE list CVE-2019-1375 warning KB list 4515519 Soluti...

CVSS 5.4 | AI score 5.4 | EPSS 0.01456
Exploits: 0 | References: 4

Exploit DB
added 2015/01/04 12:0 a.m., 26 views

Crea8Social 2.0 - Cross-Site Scripting Change Interface

Exploit Title: Crea8Social v.2.0 XSS Change Interface Google Dork: intext:Copyright © 2014 CreA8social. Date: January 3, 2015 Exploit Author: r0seMary Vendor Homepage: http://crea8social.com Software Link: http://codecanyon.net/item/crea8social-php-social-networking-platform-v20/9211270 or...

AI score 7.4
Exploits: 0

Opera Security Advisories
added 2010/06/29 12:0 a.m., 16 views

Double-clicking a link can unexpectedly run a program from the Internet

When a user clicks a link on a Web page that points to an executable file, Opera will show a download dialog to allow the user to download it. The dialog will allow the user to choose to run the executable directly. If the user accidentally double clicks, the second click will activate whatever i...

AI score 3.1
Exploits: 0 | Affected Software: 1

exploitpack
added 2008/04/03 12:0 a.m., 16 views

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/28593/info Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to...

AI score 0.1
Exploits: 0