electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

GHSA-G29V-Q6H7-76WH electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the pinchannelmessage process. An attacker can modify the ispinned, pinnedby, and pinnedat fields of messages by sending API requests with only read-level...

GHSA-5GC6-XHV4-2WG6 Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint

Summary Pin/Unpin is a write operation modifies the message's ispinned , pinnedby, pinnedat fields, but in standard channels it only checks read permission, allowing users with read-only access to pin/unpin any message. Details...

Open WebUI has an IDOR vulnerability in the pin_channel_message API endpoint

Summary Pin/Unpin is a write operation modifies the message's ispinned , pinnedby, pinnedat fields, but in standard channels it only checks read permission, allowing users with read-only access to pin/unpin any message. Details...

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the updatemessagebyid and deletemessagebyid handlers in channels.py. An attacker can overwrite or remove another member’s group or direct message conte...

GHSA-WWHQ-CX22-F7VV Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint

Summary An IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same channel. This vulnerability affects the latest version v0.8.12 of Open WebUI. Details In the updatemessagebyid...

Open WebUI has an IDOR vulnerability in the update_message_by_id API endpoint

Summary An IDOR vulnerability exists in the Channels feature of Open WebUI, allowing any channel member to modify messages sent by other members including administrators within the same channel. This vulnerability affects the latest version v0.8.12 of Open WebUI. Details In the updatemessagebyid...

CLSA-2026-1778493573 samba: Fix of CVE-2017-15275

CVE-2017-15275: Fix server heap memory information leak by zeroing unused area when messagepushstring grows the talloc buffer...

CLSA-2026-1778773906 PackageKit: Fix of CVE-2026-41651

CVE-2026-41651: fix TOCTOU race on cached transaction flags that allowed unprivileged users to install arbitrary RPM packages as root via the PackageKit D-Bus interface, leading to local privilege escalation; reject re-invocation of action methods on transactions that have left the NEW state...

org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An unauthenticated remote attacker can exploit a missing authentication for critical function vulnerability by using the Core protocol. This allows the attacker to force a target broker to establish an outbound Core federation...

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection

A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

CVE-2026-44504

CVE-2026-44504 (Aegra) describes a cross-tenant IDOR in Aegra deployments prior to 0.9.7 where an authenticated user with access to another user’s thread_id can: (1) execute runs against that user’s thread via /threads/{thread_id}/runs (and related endpoints), (2) read the other user’s full check...

EUVD-2026-30322

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...