CVE-2026-23768

lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or object tags are used with a src attribute missing a file extension...

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Popular artificial intelligence AI-powered Microsoft Visual Studio Code VS Code forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors...

Linux Distros Unpatched Vulnerability : CVE-2024-23744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. CVE-2024-23744 Note...

Nextcloud: Ransomware protection is missing extentions

So again I'm not sure if this is in scope. However you do advertise this on your enterprise pages. So I assume so. In any case. It seems your ransomewareprotection app is missing some common extentions. See for example...

Backend SSL Connection Fails on ADC due to missing extensions

When using Secure-LDAP which uses port 636 TCPs or while making connection to server listening on secure port,it fails in SSL handshake phase...