696 matches found
EUVD-2026-38748
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...
CVE-2026-56228
Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...
CVE-2026-56228 Capgo - Denial of Service via Improper Password Policy Length Validation
Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...
CVE-2026-56228
Capgo before 12.128.2 is vulnerable to improper password policy length validation. An authenticated organization administrator can set an extremely large minimum password length value, causing all users to fail password changes and effectively lock out the organization, resulting in an applicatio...
EUVD-2026-38116
Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: Fixed the signedness in the thislen calculation. When importing and using buffers, buf-len is considered unsigned. However, buf-len is converted to a signed integer during commit operations. This can lead to...
Astra Linux – Vulnerability in poppler, poppler-22
A floating-point exception in the PSStack::roll function of Poppler before version 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. Functions like plparhcall, plparhcall9, and related functions expect callers to provide valid result buffers of a certain minimum size. Currently, this is only...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A potential out-of-bounds error has been fixed when the buffer offset is invalid. I identified a potential out-of-bounds situation when the buffer offset fields of several requests are invalid. This patch sets the minimum...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Padding packets to ETHZLEN When sending packets that are less than 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETHZLEN, ensuring that nothing is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validates dbl2nbperpage during mounting In jfsdmap.c, on line 381, BLKTODMAP is used to obtain a logical block number within dbFree. dbl2nbperpage, which is the log2 of the number of blocks per page, is passed as an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: Intel: avs: Fixed a potential RX buffer overflow issue. If an event causes the firmware to return an invalid RX size for LARGECONFIGGET, memcpyfromio might end up copying too many bytes. This issue was fixed by using min...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hwmon: When the current fan speed state is enforced from sysfs, a non-zero return value is generated. The minimum fan speed can be enforced from sysfs. For example, setting the current fan speed to 20 forces the fan speed to 100%...
EUVD-2026-36726
Multer vulnerable to Denial of Service via deeply nested field names...
SUSE CVE-2026-52905
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...
PT-2026-48378
Name of the Vulnerable Software and Affected Versions yt-dlp versions 2023.09.24 through 2026.06.08 Description When curl is used as an external downloader, cookies may be leaked to an unintended host during an HTTP redirect or when the host for download fragments differs from the parent manifest...
PT-2026-48379
Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description A flaw allows a remote attacker to write arbitrary OS-shortcut files, such as .desktop, .url, and .webloc, to the user's filesystem. This occurs because the file extension allowlist used to preve...
PT-2026-48380
Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.06.09 Description When using aria2c as an external downloader for fragmented manifest formats like HLS or DASH streams, insufficiently sanitized input allows an attacker to perform arbitrary file writes. This occu...
AMD “Zen 5” Processors – RDSEED Failure
AMD has informed HP of a potential security vulnerability in some AMD “Zen 5” Processors, which might allow loss of confidentiality and integrity. AMD is releasing firmware updates to mitigate these vulnerabilities AMD has released updates to mitigate the potential vulnerability. HP has identifie...
CVE-2026-3362
The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient input sanitization no sanitize callback on registersetting and missing output escaping no escattr ...