222 matches found
CVE-2026-60124 MISP importModule missing authorization allows read-only users to modify events via misp_standard imports
An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...
CVE-2026-57241
CVE-2026-57241 affects Foxit PDF Editor/Reader. The issue arises when opening a PDF where JavaScript operations on the page/document desynchronize page-related objects, yet the renderer trusts an outdated page count, leading to an out-of-bounds access and application crash. CVSSv3.1 metrics indic...
CVE-2026-14807
The CVE-2026-14807 entry concerns PROG MIS’s ERP App with a Use of Hard-coded Credentials vulnerability. The connected documentation confirms unauthenticated remote access that could log in and reveal application code, enabling retrieval of the database account and password. Reported CVSS metrics...
CVE-2026-14807
ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password...
CVE-2026-53356
A flaw was found in the Linux kernel's drm/i915/gem component. This vulnerability occurs because the sgpage function incorrectly scales pread/pwrite operations for physical Buffer Objects BO when a non-zero offset is used. This can lead to incorrect memory access, potentially allowing an attacker...
CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...
CVE-2026-6047
CVE-2026-6047 : LibreOffice is affected during OOXML (DOCX) import of a text box element. The issue is a heap buffer overflow that occurs when replaying deferred parser events; a handler object may be written using a layout for a larger type, causing writes past the allocation end. The root cause...
CVE-2026-54398 MISP object edit authorization bypass allows unauthorized sharing group assignment
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...
Critical: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Security update for firewalld
This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903. Patch Instructions: To install this SUSE update use the SUSE recommended installation...
CVE-2026-6515
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...
Security update for firewalld
This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903. Patch Instructions: To install this SUSE update use the SUSE recommended installation...
CVE-2026-42883
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining...
CVE-2026-41383 OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths
OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...
CVE-2026-41383 OpenClaw < 2026.4.2 - Arbitrary Remote Directory Deletion via Mis-scoped Mirror Mode Paths
OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can manipulate these OpenShell config paths to cause mirr...
CVE-2026-41383
OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode. By influencing remoteWorkspaceDir and remoteAgentWorkspaceDir, an attacker can cause mirror sync to delete unintended remote directory contents and replace them with uploaded workspace data. Affected p...
EUVD-2026-25048
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...
CVE-2026-6515
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...
PT-2026-34521
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists that could allow a user to access Virtual Registries under certain conditions by usin...
OESA-2026-1857 firewalld security update
firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. Security Fixes: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and...