CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs
Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...
ROOT-OS-DEBIAN-11-CVE-2023-4806 CVE-2023-4806 in rootio-glibc - Patched by Root
Root has patched CVE-2023-4806 in the rootio-glibc package for Root:Debian:11. Multiple fixed versions available...
GCVE-1-2026-0007
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-20 21:00:27+00:00 | seen | https://bsky.app/profile/adulau.infosec.exchange.ap.brid.gy/post/3mcv2ed5ci5s2 |
| 2026-01-20 21:09:51+00:00 | seen | https://infosec.exchange/@adulau/115929431973189919 |
| 2026-01-20 21:12:45+00:00 | seen | ... |
CVE-2026-23843
Summary: CVE-2026-23843 affects the teklifolustur_app PHP web app. An IDOR vulnerability exists in the offer view function: authenticated users can modify the offer_id to access offers owned by others due to missing authorization checks. The issue is mitigated by the patch introduced in commit dd...
CVE-2026-23843
teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...
CVE-2025-15528
A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may...
OESA-2026-1119 cups-filters security update
This project provides backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters and software developed independently of Apple, especially filters for the PDF-centric printing workflow...
CVE-2026-22699
RustCrypto: Elliptic Curves (RustCrypto SM2 PKE) suffers a denial-of-service vulnerability in the decryption path when an invalid EC point is decoded. Affected versions are 0.14.0-pre.0 and 0.14.0-rc.0; AffinePoint::from_encoded_point(&encoded_c1) may yield None, but the code unwraps it, causing ...
PT-2026-2027
Name of the Vulnerable Software and Affected Versions quickjs-ng versions up to 0.11.0 Description A flaw exists in quickjs-ng up to version 0.11.0 due to a heap-based buffer overflow in the js typed array constructor function within the quickjs.c file. This issue can be triggered remotely throug...
BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability
Overview The BeeS Examination Tool BET portal from BeeS Software Solutions contains an SQL injection vulnerability in its website login functionality. More than 100 universities use the BET portal for test administration and other academic tasks. The vulnerability enables arbitrary SQL commands t...
Unity Linux 20.1070e Security Update: cups-filters (UTSA-2025-993321)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993321 advisory. cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. In versions 2.0....
CVE-2025-15155
Concrete details available: CVE-2025-15155 affects floooh sokol up to commit 16cbcc864012898793cd2bc57f802499a264ea40, specifically the _sg_pipeline_desc_defaults function in sokol_gfx.h. The issue is a stack-based buffer overflow (root cause: improper handling in the _sg_pipeline_desc_defaults p...
Fedora 43 : uriparser (2025-5c12420f33)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5c12420f33 advisory. Update to uriparser-1.0.0, fixes CVE-2025-67899. Tenable has extracted the preceding description block directly from the Fedora security advisory...
ROOT-OS-DEBIAN-12-CVE-2025-8869 CVE-2025-8869 in rootio-python-pip - Patched by Root
Root has patched CVE-2025-8869 in the rootio-python-pip package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2024-32020 CVE-2024-32020 in rootio-git - Patched by Root
Root has patched CVE-2024-32020 in the rootio-git package for Root:Debian:11. Multiple fixed versions available...
CVE-2025-65951
Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...
EUVD-2025-199528
Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...
PT-2025-47656
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.31 Description Claude Code is an agentic coding tool that had a critical remote code execution issue. Prior to version 2.0.31, an error in sed command parsing allowed bypassing the read-only validation, enabli...
PT-2025-47817
Name of the Vulnerable Software and Affected Versions thread-amount versions prior to 0.2.2 Description The thread-amount tool, used to determine the number of threads in a process, contains resource leaks when obtaining thread counts on Windows and Apple platforms. On Windows, the thread amount...
CVE-2025-65033
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an authorization flaw in the poll management feature allows any authenticated user to pause or resume any poll, regardless of ownership. The system only uses the public pollId to identify polls, and it does not...