CVE-2026-34840 OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

CVE-2026-34584

The CVE affects listmonk (standalone, self-hosted newsletter/mailing list app). From version 4.1.0 up to, but not including, 6.1.0, bugs in list permission checks allow users in multi-user environments to access lists they should not access. This could expose restricted lists under different scen...

EUVD-2026-18450

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

CVE-2026-34584 listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

CVE-2026-5175

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

CVE-2026-4924

Improper authentication in the two-factor authentication 2FA feature in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multifactor authentication and gain unauthorized access to the victim account via reuse of a partially authenticated session...

CVE-2026-4828

Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...

mansstimap

mansstimap SSTI Manager - Advanced SSTI Detection & Exploita...

agentic-blocks (>=0.1.36 <=0.1.37), aiqtoolkit-agno (>=1.1.0 <=1.3.1) +9 more potentially affected by CVE-2026-35002 via agno (>=1.2.16 <=2.0.9)

agno PYPI version =1.2.16, =0.1.36, =1.1.0, =0.8.0, =0.1.0, =1.3.4, =0.1.0.post1, =1.1.0a20251020, =1.7.0a20260513 - synvya-sdk =0.2.12 Source cves: CVE-2026-35002 Source advisory: OSV:GHSA-77RH-M34W-RV36...

AARTF---Autonomous-AI-RedTeam-Framework

AARTF AI-Driven Autonomous Security Workflow !CIhttps:/...

org.keycloak.services.resources.account: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API

A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...

lightweight-msf

Lightweight-MSF !License: MIThttps://img.shields.io/badge...

[SECURITY] Fedora 42 Update: rust-scx_layered-0.0.6-8.fc42

A highly configurable multi-layer BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...

[SECURITY] Fedora 42 Update: rust-scx_rusty-0.5.4-8.fc42

A multi-domain, BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...

PT-2026-29854

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

Wisp 安全漏洞

Wisp is a practical Gleam web framework developed under open source, designed for rapid development and easy maintenance. Versions of Wisp from 0.2.0 to 2.2.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in multi-part form parsing that bypassed resource limits,...

listmonk 安全漏洞

ListMonk is a high-performance, self-hosted newsletter and mailing list manager developed by Kailash Nadh. Versions of ListMonk from 4.1.0 to 6.1.0 had security vulnerabilities due to defects in list permission checks. These vulnerabilities could allow users in multi-user environments to access...