CVE-2026-5512 Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API

An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...

CVE-2025-40351

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplusdeletecat The syzbot reported issue in hfsplusdeletecat: 70.682285 T9333 ===================================================== 70.682943 T9333 BUG: KMSAN: uninit-value in...

CVE-2025-66556

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2...

PT-2025-49301

Name of the Vulnerable Software and Affected Versions Nextcloud talk versions prior to 20.1.8 Nextcloud talk versions prior to 21.1.2 Description A participant with chat permissions could delete poll drafts of other participants within a conversation by using their numeric ID. This issue affects...

DEBIAN-CVE-2017-1001000

The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

CVE-2025-34823

CVE-2025-34823 is rejected/not used and does not represent an active vulnerability entry.

CVE-2026-27534

Technical details about CVE-2026-27534 are not provided in the supplied documents; no affected software, vector, impact, or remediation information is available. Monitor for updates.