39 matches found
CVE-2026-41720
Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...
CVE-2026-41720 Authentication Bypass with Empty Password in Spring LDAP
Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 through 2.4.4; 3.2.0 through 3.2.17; 3.3.0 through 3.3.7; 4.0.0 through 4.0.3...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Ensure that the list is non-empty before using listfirstentry in kfdtopology.c. Before using listfirstentry, make sure that the list is not empty. If the list is empty, return -ENODATA. The following issues have be...
PT-2026-34037
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Signing ID as an Apple platform binary. This bug allows a malicious software to impersonate an apple...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-38400)
In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...
BIT-DISCOURSE-2026-26078 Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the patreonwebhooksecret site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to th...
CVE-2026-26078
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the patreonwebhooksecret site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to th...
CVE-2026-26078 Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the patreonwebhooksecret site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to th...
CVE-2026-26078
Discourse’s Patreon webhook vulnerability (CVE-2026-26078) affects releases prior to 2025.12.2, 2026.1.1, and 2026.2.0. When patreon_webhook_secret is blank, an attacker can generate valid webhook signatures by computing an HMAC-MD5 with an empty key, using the known request body to forge arbitra...
CVE-2026-26078
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the patreonwebhooksecret site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to th...
CVE-2026-26078 Discourse has authentication bypass vulnerability in the Patreon plugin webhook endpoint
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the patreonwebhooksecret site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to th...
PT-2026-22153
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, is susceptible to a security issue. When the patreon webhook secret site...
kernel: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails
In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...
EUVD-2020-21036
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-38400
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When...
UBUNTU-CVE-2025-38400
In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit fails. syzbot reported a warning below 1 following a fault injection in nfsfsprocnetinit. 0 When nfsfsprocnetinit fails, /proc/net/rpc/nfs is not removed. Later, rpcprocexit...
GO-2022-0390 Moby (Docker Engine) started with non-empty inheritable Linux process capabilities in github.com/docker/docker
Moby Docker Engine started with non-empty inheritable Linux process capabilities in github.com/docker/docker...
PT-2024-18938 · Npm · Node-Stringbuilder
Name of the Vulnerable Software and Affected Versions: node-stringbuilder versions all Description: The issue arises from incorrect memory length calculation in the node-stringbuilder package, leading to an Out-of-bounds Read. This occurs when methods such as ToBuffer, ToString, or CharAt are...
DEBIAN-CVE-2023-52678
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing listfirstentry in kfdtopology.c Before using listfirstentry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the below:...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to verify that a list is non-empty before using listfirstentry in kfdtopology.c. The vulnerability...