36134 matches found
CVE-2026-53167
In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...
CVE-2026-52795
Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...
EUVD-2026-38955
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that ...
PT-2026-51981
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the bcmgenet network driver where free bds buffer descriptors are leaked. During the reclamation of the tx queue, the write pointer is fast-forwarded to drop data in...
CVE-2026-54324
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...
CVE-2026-54324 Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...
CVE-2026-54324
CVE-2026-54324 affects Daytona API service (NestJS) used in Daytona’s notification WebSocket gateway. The cross-tenant flaw allowed any authenticated user to join another organization’s realtime channel by binding a client-supplied organization ID to the corresponding room without verifying membe...
EUVD-2026-38240
An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...
CVE-2026-12888
CVE-2026-12888 describes an HTML injection vulnerability in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens. The issue allows interface manipulation by an attacker who can insert limited HTML content, including links, into the webhook payload. Affects Canarytoke...
CVE-2026-12888 HTML injection in the Canarytoken Google Chat notification
An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: gatus, hydra, knative-eventing, tekton-pipelines, witness, crossplane-provider-sql, rancher-webhook, traefik, rancher-system-agent, crossplane-provider-family-aws, datadog-agent, calico, neuvector-sigstore-interface, k8sgpt, xeol, rancher-agent, containerd, gcsfuse,...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: gatus, hydra, knative-eventing, tekton-pipelines, witness, crossplane-provider-sql, rancher-webhook, traefik, rancher-system-agent, crossplane-provider-family-aws, datadog-agent, calico, neuvector-sigstore-interface, k8sgpt, xeol, rancher-agent, containerd, gcsfuse,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Prevent sending WMI commands to firmware during a firmware crash Currently, we encounter the following kernel call trace when a firmware crash occurs. This occurs because the host sends WMI commands to the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nexthop: Memory leaks in the nexthop notification chain listeners have been fixed. Syzkaller identified memory leaks that can be addressed by executing the following commands: ip nexthop add id 1 blackhole devlink dev reload...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-net: The recursive rtnllock function occurs during the probe operation. This deadlock appears in a stack trace like this: virtnetprobe rtnllock virtioconfigChangedWork netdevNotifyPeers rtnllock This occurs when the VMM...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211 – Reject VHT operation mode for unsupported channel widths Notifications related to VHT operation mode are not defined for channel widths below 20 MHz. Specifically, 5 MHz and 10 MHz are not valid under the VHT...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: fixed a typographical error in the frequency notification. The NAN notification refers to a frequency of 5745 MHz, which corresponds to channel 149, not 5475—which is not a valid channel at all. This could le...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – Do not read beyond the mfuart notification. In the event that the firmware sends a notification claiming to have more data than it actually does, we will read beyond the allocated space for the notification. ...
Astra Linux – Vulnerability in Firefox and Thunderbird
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have caused user confusion and potentially led to spoofing attacks. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...
Astra Linux – Vulnerability in Thunderbird, Firefox
A website could have obscured the full-screen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 116, Firefox ESR 115.2, and Thunderbi...