CVE-2026-42604 Actual has an OpenID `client_secret` Disclosure via Broken Authorization Guard in `/openid/config`

Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 clientsecret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...

CVE-2024-27890

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

EUVD-2024-55613

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

DEBIAN-CVE-2025-38210

In the Linux kernel, the following vulnerability has been resolved: configfs-tsm-report: Fix NULL dereference of tsmops Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, the...

Arista Networks Arista EOS安全漏洞

Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...