EUVD-2026-2788

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...

CVE-2026-23511 ZITADEL has a user enumeration vulnerability in Login UIs

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...

GHSA-PVM5-9FRX-264R Zitadel has a user enumeration vulnerability in Login UIs

Summary A user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames and userIDs. Impact The login UIs in version 1 and 2 provide the possibility...

PT-2026-3070

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. This...

PT-2026-3095

Name of the Vulnerable Software and Affected Versions ZITADEL versions prior to 4.9.1 ZITADEL versions prior to 3.4.6 Description ZITADEL is an open source identity management platform. A user enumeration issue exists in the login interfaces. An unauthenticated attacker can determine the existenc...

CVE-2026-22240

The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the...

CVE-2026-22238 Administrator Account Creation Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable admin API to create a new user with admin privileges. Successful...

CVE-2026-22237

The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability...

CVE-2025-66698

An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints...

CVE-2025-37165

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets...

CVE-2025-37165

CVE-2025-37165 concerns HPE Instant On Access Points. The issue is in router mode configuration that could disclose internal network configuration details to unintended interfaces by inspecting impacted packets. Affected component: router mode configuration; root cause: misconfiguration allowing ...

CVE-2025-37165 Exposure of VLAN information in unintended network interfaces

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets...

CVE-2025-37165 Exposure of VLAN information in unintended network interfaces

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets...

CVE-2025-71082

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devmkzalloc in btusb This reverts commit 98921dbd00c4e "Bluetooth: Use devmkzalloc in btusb.c file". In btusbprobe, we use devmkzalloc to allocate the btusb data. This ties the lifetime of all the...

CVE-2025-71082

The CVE affects the Linux kernel Bluetooth BTUSB path. The root cause is using devm_kzalloc in btusb_probe, which ties btusb data lifetime to a single driver interface, causing unsafe frees on disconnect when multiple interfaces exist. The fix is to revert to explicit memory freeing (don’t use de...

CVE-2025-71082 Bluetooth: btusb: revert use of devm_kzalloc in btusb

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: revert use of devmkzalloc in btusb This reverts commit 98921dbd00c4e "Bluetooth: Use devmkzalloc in btusb.c file". In btusbprobe, we use devmkzalloc to allocate the btusb data. This ties the lifetime of all the...

Astra Linux – Vulnerability in Firefox

Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1...

Authentication Bypass

Ollama is vulnerable to an Authentication Bypass. The vulnerability is due to where critical model management APIs are exposed without access controls, allowing remote attackers to perform unauthorized operations without authentication...

MiracleLinux 7 : libvirt-4.5.0-36.5.0.1.el7.AXS7 (AXSA:2025-9921:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9921:04 advisory. CVE-2024-2496: Fix NULL pointer dereference in udevConnectListAllInterfaces function CVEs: CVE-2024-2496 A NULL pointer dereference flaw was found in the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of devmkzalloc leading to improper management of data lifecycles between interfaces, which could lea...