Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification

Summary A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential password hash, bypassing the intended password change workflow. Because the endpoint forwards the entire request body to the...

GHSA-59FH-9F3P-7M39 Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Override Password Hash and Bypass Password Change Verification

Summary A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the credential password hash, bypassing the intended password change workflow. Because the endpoint forwards the entire request body to the...

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-61726 DESCRIPTION: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally...

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

USN-8286-1 openvpn vulnerabilities

Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed packets with valid tls-crypt-v2 keys. An attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. CVE-2026-35058 Guannan Wang, Zhanpe...

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

Important: Red Hat Security Advisory: golang-github-openprinting-ipp-usb security update

An update for golang-github-openprinting-ipp-usb is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

Astra Linux - уязвимость в curl

There is a vulnerability in the handling of certificate validation in curl v8.1.0, particularly in how wildcard patterns are matched when listed as “Subject Alternative Name” in TLS server certificates. Curls can be modified to use its own name matching function for TLS, rather than the one...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: JSSE. The supported versions affected by this vulnerability include Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5, and 22.3.1...

Astra Linux - уязвимость в openssl1.0

The Raccoon attack exploits a flaw in the TLS specification, which allows an attacker to calculate the pre-master secret in connections that use a Diffie-Hellman DH-based ciphersuite. In such cases, the attacker can eavesdrop on all encrypted communications sent over that TLS connection. The atta...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDL Simple DirectMedia Layer, from versions 1.2.15 onward, as well as in versions 2.x through 2.0.9, there is a heap-based buffer over-read issue in the Map1toN function within the video/SDLpixels.c file...

Astra Linux - уязвимость в qemu

A bug in QEMU could cause a guest I/O operation that is normally directed to an arbitrary disk offset to be directed instead to offset 0. This could potentially overwrite the VM’s boot code. For example, this could be exploited by L2 guests who have a virtual disk vdiskL2 stored on the virtual di...

Astra Linux - уязвимость в wireshark

The TLS protocol dissector infinite loop in Wireshark versions 4.6.0 to 4.6.4 allows for denial of service attacks...

Astra Linux - уязвимость в gimp

A vulnerability in gimplayerinvalidateboundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception through a crafted XCF file, resulting in a Denial of Service DoS attack...

Astra Linux - уязвимость в libsdl1.2, libsdl2

The SDL Simple DirectMediaLayer versions from 1.2.15 up to 2.x, and from 2.0.9 up to 2.0.9, have a buffer over-reading issue in the IMAADPCMnibble function in the audio/SDLwave.c file...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDL Simple DirectMedia Layer, from versions 1.2.15 onward, as well as in versions 2.x through 2.0.9, there is a heap-based buffer over-read issue in the InitMSADPCM function within audio/SDLwave.c, specifically within the wNumCoef loop...

Astra Linux - уязвимость в libsdl1.2, libsdl2

SDL Simple DirectMediaLayer from version 1.2.15 to 2.x, and from version 2.0.9 to 2.0.9, has a heap-based buffer overflow issue in the MSADPCMDecode function within audio/SDLwave.c...