135 matches found
PT-2026-51452
Name of the Vulnerable Software and Affected Versions Budibase versions 3.37.2 through 3.38.x Description Budibase contains an issue where the GET /api/chat-links/:instance/:token/handoff endpoint is public and lacks authentication and Cross-Site Request Forgery CSRF protection. This allows an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu: Clearing iommu-dma operations during cleanup. If iommudeviceregister encounters an error, it may result in tearing down already-configured groups and default domains. However, this still leaves devices connected to...
kernel: geneve: Fix use-after-free in geneve_find_dev().
A use-after-free vulnerability exists in the Linux kernel. When devnet is dismantled, the geneveexitbatchrtnl function calls unregisternetdevicequeue for each device in the network namespace. Later, when the device is freed, it is still linked to the backend UDP socket in the network namespace...
CVE-2026-49757 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching
Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined sign-in...
CVE-2026-6741
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...
SUSE SLED15 / SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2079-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2079-1 advisory. This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when...
SUSE-SU-2026:2092-1 Security update for go1.26-openssl
This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...
SUSE-SU-2026:2079-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...
Exploit for CVE-2026-5229
CVE-2026-5229 CVE-2026-5229: Form Notify Auth Bypass via LINE...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handles PLTs. Sometimes it is necessary to use a PLT entry to call a ftrace trampoline. This is handled by ftracemakecall and ftracemakenop, both of which have almost identical logic. However, this iss...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from cross-session verification proofs, which rely solely on local user IDs and IdP aliases without binding actual verified upstream identities. This...
Malicious code in aurapro-ui (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cace553d74971e3660a0a7095662488f531348ba3e756696da5ff0ef9645ab22 The PyPI package aurapro-ui installs its code under the Python import namespace openwebui/ and registers two console scripts in entrypoints.txt —...
SUSE CVE-2026-44309
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...
HackerSignal: A Large-Scale Multi-Source Dataset Linking Hacker Community Discourse to the CVE Vulnerability Lifecycle
We introduce HackerSignal, a benchmark for temporal out-of-distribution cyber threat intelligence CTI and cross-source CVE linkage. HackerSignal aggregates 7.45 million exact-deduplicated documents from 64 public forum/source identifiers spanning eight source layers and a 36-year window 1990-2026...
Public Voting Records: A Record, or an Attack Surface?
This is a whitepaper discussing a formal methodology for auditing voter-file disclosure regimes against linkage attacks...
EUVD-2026-25910
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013796)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013796 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidde...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013757)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013757 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount Li Huafei reports that mcount-based ftrace with module...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011068)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011068 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount Li Huafei reports that mcount-based ftrace with module...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...