CVE-2026-43827
CVE-2026-43827 affects Apache Shiro. In affected versions (1.0–2.1.0 and 3.0.0-alpha-1), an existing session is neither invalidated nor replaced by a new session with a new ID after login, enabling session fixation. Fixes are available in 2.1.1 and 3.0.0-alpha-2 or later; apply the patch to mitig...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path. In zswap_writeback_entry(), after obtaining a folio from __read_swap_cache_async(), we reacquire the tree lock to ensure that the swap entry was not invalidated or recycled. If it...
GHSA-HVP3-26WX-G2W4 Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
Summary of CVE-2026-22706 Vulnerability Details - CVE: CVE-2026-22706 - CVSS v4.0 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N 2.1 — Low - Affected Versions: @strapi/admin and @strapi/plugin-users-permissions =5.33.3 Description of CVE-2026-22706 In Strapi versions prio...
Insufficient Session Expiration
Overview open-webui is the Open WebUI package. Affected versions of this package are vulnerable to Insufficient Session Expiration via misconfiguration of the CORSMiddleware module and improper session management. An attacker can gain unauthorized access and execute arbitrary code by enticing an...
SUSE CVE-2025-13353
In gokey versions prior to 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...
GHSA-45M8-CPM2-3V65 Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access
Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access Affected Component Socket.IO session state and role-check callsites: - backend/open_webui/socket/main.py lines 330-351, connect handler — role snapshotted into SESSION_POOL - backend/open_webui/socket/main.py lin...
CVE-2026-5940
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...
CVE-2026-5942
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...
EUVD-2026-25826
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...
EUVD-2026-25828
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...
CVE-2026-5942 Foxit PDF Editor/Reader AcroForm Signature Use-After-Free Vulnerability
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...
PT-2026-35402
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...
PT-2026-35404
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...
EUVD-2026-25048
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...
CVE-2026-6515 Insufficient Session Expiration in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...
CVE-2026-6515
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...