3074 matches found

OSV
added 2026/04/28 7:30 p.m. | 1 view

MINI-8J8R-X772-VC6Q

Bulletin has no description...

CVSS 6.1 | AI score 4.8 | EPSS 0.00012
Exploits: 0

OSV
added 2026/04/28 3:20 a.m. | 2 views

MINI-PQ7R-49HG-PFRP

Bulletin has no description...

CVSS 9.8 | AI score 5 | EPSS 0.00105
Exploits: 0

OSV
added 2026/04/27 2:14 p.m. | 8 views

JLSEC-2026-211

libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle...

CVSS 8.8 | AI score 7.2 | EPSS 0.00702
Exploits: 0 | References: 12

GithubExploit
added 2026/04/27 2:03 a.m. | 78 views

Exploit for Access of Uninitialized Pointer in Bytecodealliance Wasmtime

No d...

CVSS 8.1 | AI score 7.8 | EPSS 0.00297
Exploits: 1

Tenable Nessus
added 2026/04/24 12:00 a.m. | 1 view

Fedora 42 : flatpak-builder (2026-631b9d535c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-631b9d535c advisory. This update includes a fix for CVE-2026-39977. See also: the upstream advisory. Tenable has extracted the preceding description block directly from the Fedora...

CVSS 7.1 | AI score 5.5 | EPSS 0.00035
Exploits: 1 | References: 2

CNNVD
added 2026/04/23 12:00 a.m. | 5 views

Radare2 link following vulnerability

Radare2 is an open-source reverse framework for Unix-based geeks, developed by Radare. Prior to Radare2 6.1.4, there was a backlink vulnerability in the project’s note handling mechanism. This vulnerability stemmed from path traversal during note processing, allowing attackers to read or write...

CVSS 7.8 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 1

OSV
added 2026/04/22 5:46 p.m. | 10 views

CLSA-2026-1776879963 php: Fix of 9 CVEs

- CVE-2019-9020: fix heap out-of-bounds read in xmlrpc_decode
- CVE-2019-9021: fix heap buffer overflow in phar_detect_phar_fname_ext
- CVE-2019-9023: fix heap buffer over-reads in mbstring regex functions
- CVE-2019-9641: fix uninitialized read in exif_process_IFD_in_TIFF
- CVE-2019-11034: fix...

CVSS 9.8 | AI score 6.9 | EPSS 0.52083
Exploits: 7 | References: 1

NVD
added 2026/04/22 5:16 p.m. | 1 view

CVE-2025-6016

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain...

CVSS 6.5 | EPSS 0.00032
Exploits: 0 | References: 3

Chainguard
added 2026/04/22 7:18 a.m. | 2 views

GHSA-Q49F-XG75-M9XW vulnerabilities

Vulnerabilities for packages: zed, wasmcloud, wizer, yara-x...

AI score 5.4
Exploits: 0

CVE
added 2026/04/21 8:35 p.m. | 8 views

CVE-2026-34276

CVE-2026-34276 affects Oracle MySQL Server (Group Replication Plugin). Affected versions: MySQL 8.0.0–8.0.45, 8.4.0–8.4.8, and 9.0.0–9.6.0. The vulnerability allows a low-privileged, network-accessible attacker (via multiple protocols) to cause a hang or a frequently repeatable crash of MySQL Ser...

CVSS 6.5 | AI score 5.7 | EPSS 0.00046
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/04/21 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-6753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVSS 7.3 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 3

Circl
added 2026/04/19 7:30 p.m. | 3 views

CVE-2026-32955

creationtimestamp | type | source
---|---|---
2026-04-19 19:30:00+00:00 | seen | https://jvn.jp/en/vu/JVNVU94271449
2026-04-20 05:17:09+00:00 | seen | Telegram/oT3io0aR7EQyKUnAhTuUuKTmw-PFwRgwwLAn7oSA51QT1kY
2026-04-20 06:00:29+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mjvs3zrp3e2c...

CVSS 8.8 | AI score 6.4 | EPSS 0.00055
Exploits: 0 | References: 6

Circl
added 2026/04/19 9:48 a.m. | 7 views

CVE-2026-41894

creationtimestamp | type | source
---|---|---
2026-04-19 09:48:52+00:00 | published-proof-of-concept | https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hjh7-r5w8-5872...

CVSS 7.1 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/18 7:22 a.m. | 2 views

CVE-2026-40262

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which does not identify text-based formats such as HTML, SVG, or XHTML. These files are served with an...

CVSS 8.7 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 1

OSV
added 2026/04/17 10:00 p.m. | 2 views

GHSA-F3H5-H452-VP3J OpenClaw: Nostr profile mutation routes allowed operator.write config persistence

Summary: Nostr profile mutation routes allowed operator.write config persistence.
Affected Packages / Versions:
- Package: openclaw
- Ecosystem: npm
- Affected versions: = 2026.4.10
Impact: Nostr plugin HTTP profile routes could persist profile config through a path that did not require admin...

CVSS 5.3 | AI score 5.7
Exploits: 0 | References: 3

OSV
added 2026/04/17 6:15 a.m. | 3 views

CGA-5JJF-GQR2-HQJ6

Bulletin has no description...

CVSS 8.7 | AI score 5.6 | EPSS 0.00018
Exploits: 0

Snyk
added 2026/04/17 1:38 a.m. | 1 view

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the asset download process. An attacker can access the full contents of private note assets by sending unauthenticated requests to the /api/notes/noteID/assets/assetID endpoint when valid note and asset IDs are...

CVSS 8.2 | AI score 5.5 | EPSS 0.00044
Exploits: 0 | References: 2

Snyk
added 2026/04/17 1:38 a.m. | 1 view

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the asset download process. An attacker can access the full contents of private note assets by sending unauthenticated requests to the /api/notes/noteID/assets/assetID endpoint when valid note and asset IDs are...

CVSS 8.2 | AI score 5.5 | EPSS 0.00044
Exploits: 0 | References: 2

NVD
added 2026/04/17 1:17 a.m. | 0 views

CVE-2026-40265

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/noteID/assets/assetID is registered without authentication middleware, and the backend query does not verify ownership or book visibility. An unauthenticated user who knows...

CVSS 5.9 | EPSS 0.00044
Exploits: 0 | References: 3

NVD
added 2026/04/17 1:17 a.m. | 0 views

CVE-2026-40263

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerat...

CVSS 3.7 | EPSS 0.00041
Exploits: 0 | References: 2