EUVD-2026-38739

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

EUVD-2026-38502

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

CVE-2026-44957

The CVE-2026-44957 vulnerability affects Revive Adserver 6.0.6 and earlier, where a missing access control check in the XML-RPC API modify methods allowed entities to be reassigned to different parent entities, causing inconsistent ownership. The issue is exploitable only in combination with CVE-...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ceph: fixed a deadlock or deadcode issue caused by misuse of dget. The lock order between denty and its parent is incorrect; we should always ensure that the parent gets the lock first. However, since this deadcode is never used,...

Astra Linux – Vulnerability in Firefox

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could be applied, leading to memory corruption and potentially exploitable crashes. This vulnerability affects Firefox versions less than 87...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fixed a UAF in blkcgunpinonline. blkcgunpinonline traverses the blkcg hierarchy to set the object as online. To traverse this hierarchy, it uses blkcgparentblkcg, but this call occurs after blkcgDestroyBlksblkcg, whic...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide that two queues are worth merging and set bic-stablemergebfqq and the moment bfqsetupmerge is called...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed an issue where inode lists were leaked during backref walking in findparentnodes. During backref walking, when findparentnodes is called, if we are dealing with a data extent and an error occurs while resolving...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: media:v4l2-core: A potential resource leak has been fixed in v4l2fwnodeparselink. If the fwnodegraphgetremoteendpoint function fails, fwnode is known to be NULL. Therefore, fwnodehandlePUT is a no-op. Instead, the reference...

CVE-2026-48986 pam_usb: Infinite loop DoS in process-tree walk when parent process exits during authentication

pamusb provides hardware authentication for Linux using removable media. In pamusb 0.9.1 and earlier, usbgetprocessparentid can cause an infinite loop DoS because it does not initialize ppid on failure. In pusblocallogin, the same variable is reused as input and output in a process-tree while loo...

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

CVE-2026-44785

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

CVE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

EUVD-2026-36557

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

CVE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

CVE-2026-44785

CVE-2026-44785 affects Discourse. The vulnerability arises because the AI "explain" helper validates can_see? only on the post being explained, allowing an authenticated user with access to the AI helper to read the raw contents of a hidden parent post by invoking Explain on a reply to it. Affect...

CVE-2026-47691 Netty has Insufficient Bailiwick Validation for NS Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

PT-2026-48982

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The AI explain helper fails to verify the can see? permission on the reply to post of a post being explained. This allows an...

DRUPAL-CONTRIB-2026-043

This module integrates the Tagify JavaScript library to enhance entity reference selection in entity reference widgets. The module does not properly sanitise the name of parent taxonomy terms when rendering suggestions in the Tagify dropdown. This results in a cross-site scripting vulnerability...

GHSA-9VC9-4JV3-RF86 @hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a different bucket

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...