Plainpad 安全漏洞

Plainpad is a self-hosted note-taking application by the individual developer Alex Tselegidis. A security vulnerability exists in Plainpad versions prior to 1.1.1, which stems from allowing a low-privileged user to self-elevate to administrator via the admin parameter in a PUT request, potentiall...

PgBouncer 安全漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to version 1.25.2, PgBouncer had a security vulnerability. This vulnerability stemmed from insufficient authorization checks for the KILLCLIENT management command. As long as users...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-016783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016783 advisory. libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. Tenable has extracted the preceding description block directly...

Hex-Rays IDA Pro 参数注入漏洞

Hex-Rays IDA Pro is a professional reverse-engineering tool developed by the Belgian company Hex-Rays. It is used for disassembly and program analysis. Versions of Hex-Rays IDA Pro from 9.2 to 9.3sp2 contained a parameter injection vulnerability. This vulnerability stemmed from the lack of...

osTicket 跨站请求伪造漏洞

osTicket is a widely used and trusted open-source support ticket system by the osTicket company. Versions of osTicket prior to 1.18.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the handling of the method parameter in the Dispatcher component’s file...

Debian dsa-6259 : python-jwt-doc - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6259 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6259-1 [email protected] https://www.debian.org/security/...

GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath

Summary The patch for CVE-2026-42215 GitPython 3.1.49 validates newlines only in the value parameter of setvalue. The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section...

CVE-2026-42350

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

CVE-2026-42350

Kargo Open Redirect in UI OIDC Login Flow (CVE-2026-42350). Affected versions: prior to 1.7.10, 1.8.13, 1.9.8, and 1.10.2. Root cause: open redirect via the redirectTo query parameter in the UI OIDC login flow. Impact: describes an open redirect vulnerability with potential to redirect users to e...

EUVD-2026-28857

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

CVE-2026-42350

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

CVE-2026-43401

A flaw was found in the Linux kernel's intelpstate component. This vulnerability arises when the system is booted with the "nosmt" parameter, causing a critical error known as a null pointer dereference in the updatecpuqosrequest function. Such an error can lead to system instability and...

EUVD-2026-28811

Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...

CVE-2026-42195 Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

CVE-2026-42195

The CVE describes a vulnerability in the draw.io client prior to version 29.7.9 where a ?gitlab= URL parameter can override the GitLab server URL used during OAuth sign-in. A crafted link can force the user’s click on the "Authorize in GitLab" dialog to open a popup on an attacker-controlled host...

CVE-2026-41925

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the adm.cgi binary's reboottime function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboottime POST parameter. Attacke...

Grav: Stored XSS via page title (data[header][title]) in admin panel

Summary A Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/pages/page endpoint of the Grav application. This vulnerability allows attackers to inject malicious scripts into the dataheadertitle parameter. --- Details Vulnerable Endpoint: GET /admin/pages/page Parameter:...