723 matches found
CVE-2026-55781
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower bound and does not validate the fsfsize fragment size, allowin...
OPENSUSE-SU-2026:21312-1 Security update for python-pytest-html
This update for python-pytest-html fixes the following issues: Changes in python-pytest-html: - Revendor updating brace-expansion: - force brace-expansion minimum version to fix CVE-2026-13149 bsc1269923...
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay.
...
CVE-2026-8472 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...
DEBIAN-CVE-2026-60001
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...
CVE-2026-60001
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...
EUVD-2026-42145
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...
CVE-2026-60001
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...
CVE-2026-60001
sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...
PT-2026-56292
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The sshd component does not consistently adhere to the minimum authentication delay, which is a mechanism designed to slow down authentication attempts to prevent brute-force attacks. Recommendations...
JLSEC-2026-658 Deno: Miller-Rabin Primality Test Allows Zero Rounds
Summary node:crypto.checkPrimecandidate, options, callback and crypto.checkPrimeSynccandidate, options ran no Miller-Rabin rounds at all when the caller left options.checks at its default of 0. In that mode, the only test applied to the candidate was trial division by the primes up to 17,863. Any...
PYSEC-2026-1002 Missing validation crashes `QuantizeAndDequantizeV4Grad`
Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...
OESA-2026-2870 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using...
PT-2026-55745
Name of the Vulnerable Software and Affected Versions yt-dlp versions prior to 2026.07.04 Description Improper sanitization of output when using the --write-link option allows for downstream command injection. This occurs because shortcut file data is not properly validated and sanitized before...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Media: ccs – Avoid possible division by zero Calculating the maximum value of M for scaler configuration involves dividing by the value of the MINXOUTPUTSIZE limit register. Although this value is presumably non-zero, the driver...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: Check actuallength before accessing the data. The URB received in gsusbreceivebulkcallback contains a struct gshostframe. The length of the data after the header depends on the gshostframe...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fixed the “UBSAN: shift-out-of-bounds error” issue. This patch ensures that the RX ring size rxpending is not set below the permitted limit. This prevents UBSAN shift-out-of-bounds errors when users specify small or...
EUVD-2026-38748
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...
CVE-2026-56228
Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...
EUVD-2026-38116
Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...