CVE-2025-9909 Aap-gateway: improper path validation in gateway allows credential exfiltration

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

CVE-2025-9909

A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash // prefix in the gatewaypath. A malicious or socially engineered administrator can configure a...

GO-2026-4551 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change in code.vikunja.io/api...

SODOLA SL902-SWTGW124AS 安全漏洞

SODOLA SL902-SWTGW124AS is an industrial switch manufactured by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to version 200.1.20 contain security vulnerabilities. These vulnerabilities stem from the ability for authenticated users to change their account passwords without...

GHSA-MJF5-7G4M-GX5W Storybook Dev Server is Vulnerable to WebSocket Hijacking

Summary The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details Exploitation requires a developer to visit a malicious...

Storybook Dev Server is Vulnerable to WebSocket Hijacking

Summary The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details Exploitation requires a developer to visit a malicious...

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

Entra ID OAuth Consent Can Grant ChatGPT Access to Emails

OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access...

PT-2026-22178

Name of the Vulnerable Software and Affected Versions Unitree Go2 firmware versions 1.1.7 through 1.1.9 and 1.1.11 EDU Description The affected firmware does not implement DDS authentication or authorization for the Eclipse CycloneDDS topic /rt/api/programming actuator/request managed by actuator...

GHSA-3CCG-X393-96V8 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

EUVD-2026-8751

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change...

Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Summary The application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account via brute-force or credential stuffing can mainta...

CVE-2026-27575

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...

CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...

CVE-2026-27575

Vikunja is affected by a vulnerability described in CVE-2026-27575 where, before version 2.0.0, the application allowed weak passwords (e.g., 1234, password) without enforcing minimum strength. Additionally, sessions remain valid after a user changes their password, enabling an attacker who gains...

CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...

CVE-2026-27575 Vijkunja has Weak Password Policy Combined with Persistent Sessions After Password Change

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords e.g., 1234, password without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An...

CVE-2025-62878

The CVE-2025-62878 exposure is a path traversal flaw in the Local Path Provisioner (rancher.io/local-path) via the parameters.pathPattern in StorageClass. A malicious user can craft pathPattern (using relative segments like ../) to cause PersistentVolumes to target arbitrary host paths, e.g., ove...

CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...

CVE-2025-62878

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...