16 matches found

Tenable Nessus
added 4 days ago · 9 views

Fedora 44 : pie (2026-e5d5fc359d)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e5d5fc359d advisory. Version 1.4.5. This release contains vulnerability fixes for the following security advisories: GHSA-h842-vjwg-pxxx - Sudo-elevated arbitrary file deletion...

6.4 AI score
Exploits: 0 · References: 1
EUVD
added 2026/05/27 4:28 a.m. · 7 views

EUVD-2025-209950

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3 CVSS · 5.7 AI score · 0.00032 EPSS
Exploits: 0 · References: 5
NVD
added 2026/05/01 2:16 p.m. · 0 views

CVE-2026-31717

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect. Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

8.8 CVSS · 0.00059 EPSS
Exploits: 1 · References: 5
ATTACKERKB
added 2026/05/01 1:56 p.m. · 2 views

CVE-2026-31717

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect. Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

8.8 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
EUVD
added 2026/05/01 1:56 p.m. · 1 views

EUVD-2026-26526

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect. Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

5.8 AI score · 0.00059 EPSS
Exploits: 1 · References: 3
Cvelist
added 2026/05/01 1:56 p.m. · 30 views

CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect. Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...

8.8 CVSS · 0.00059 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2026/03/27 12:0 a.m. · 2 views

PT-2026-28616

Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: The plugin/PlayLists/View/Playlists schedules/add.json.php endpoint in AVideo allows authenticated users with streaming permission to create or modify broadcast schedules for any playlist,...

6.3 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits: 1 · References: 7
ATTACKERKB
added 2026/02/21 9:32 a.m. · 7 views

CVE-2026-27486

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...

4.3 CVSS · 5.5 AI score · 0.00019 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
OSV
added 2026/01/27 10:13 p.m. · 2 views

GHSA-8CW6-53M5-4932 StudioCMS has Authorization Bypass Through User-Controlled Key

Summary: StudioCMS contains a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Details: The Issue: The endpoint /dashboard/content-management/edit?edit=UUID...

6.5 CVSS · 5.9 AI score · 0.00051 EPSS
Exploits: 2 · References: 5
RedhatCVE
added 2026/01/10 5:40 a.m. · 3 views

CVE-2026-22246

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships...

6.5 CVSS · 6.6 AI score · 0.00035 EPSS
Exploits: 0 · References: 1
CVE
added 2025/11/19 5:26 p.m. · 14 views

CVE-2025-65033

Rallly prior to 4.5.4 contains an authorization flaw in the poll management feature: polls are identified only by pollId, and ownership is not verified. This allows any authenticated user to pause or resume any poll, compromising integrity and availability. The issue has been patched in version 4...

8.1 CVSS · 6.3 AI score · 0.0006 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2025/11/19 5:26 p.m. · 4 views

CVE-2025-65033 Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...

8.1 CVSS · 6.6 AI score · 0.0006 EPSS
Exploits: 1 · References: 4
Veracode
added 2025/05/06 6:32 a.m. · 6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

snowflake.data is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. The vulnerability is due to improper verification of the file owner when reading a user-provided logging configuration file on Linux and macOS, allowing a local attacker to overwrite the configuration and contro...

7 CVSS · 6.4 AI score · 0.00092 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Code423n4
added 2022/08/06 12:0 a.m. · 15 views

Multicall does not check if the owner has changed after calls have been made (msg.sender misuse)

Lines of code. Vulnerability details. Impact: The multicall doesn't check if the owner has changed after a call or calls have been made. The transferOwnerShip contracts/proxy/MIMOProxy.sol/ requires that the owner is the msg.sender, before ownership can be changed, which is exactly what multicall can d...

6.7 AI score
Exploits: 0
Positive Technologies
added 2020/06/21 12:0 a.m. · 2 views

PT-2020-14088 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: Gogs version 0.11.91 Description: The issue is related to insecure permissions in Gogs, specifically in the MakeEmailPrimary function located in models/user mail.go. This function lacks a check to ensure the user is the owner of the email,...

6.5 CVSS · 6.8 AI score · 0.00154 EPSS
Exploits: 0 · References: 9
RedHat Linux
added 2004/12/23 8:47 p.m. · 1 views

security flaw

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit...

2.1 CVSS · 5.9 AI score · 0.00107 EPSS
Exploits: 0 · References: 4