8 matches found
CVE-2026-34970
Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...
CVE-2026-33424
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No know...
CVE-2026-33424
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an attacker can grant access to a private message topic through invites even after they lose access to that PM. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No know...
CVE-2023-25927
IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635...
The vulnerability of the tcp_twsk_purge() function in the net/ipv4/tcp_minisocks.c module, which is part of the Linux kernel’s IPv4 protocol implementation, allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the tcptwskpurge function in the net/ipv4/tcpminisocks.c module, which is part of the Linux kernel’s IPv4 protocol implementation, relates to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
Zulip security vulnerability
Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip version 7.5 that stems from the fact that an active user who previously subscrib...
Design/Logic Flaw
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
The vulnerability of the microprogramming software of Siemens Simatic S7-1200 programmable logic controllers allows a malicious actor to cause malfunctions during maintenance operations.
The software of the programmable logic controller Simatic S7-1200 contains a vulnerability that causes loss of access to the device during the processing of specific TCP/IP packets...