
500 matches found

NVD
added yesterday, 5 views

CVE-2026-55423

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

6.1 CVSS
Exploits 1, References 3
Tenable Nessus
added 2026/06/16 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-47261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ...

7.5 CVSS, 5.8 AI score, 0.00357 EPSS
Exploits 0, References 3
EUVD
added 2026/06/12 12:31 a.m., 7 views

EUVD-2026-36329

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3 CVSS, 5.5 AI score, 0.00246 EPSS
Exploits 0, References 3
CVE
added 2026/06/09 11:5 p.m., 25 views

CVE-2026-46432

CVE-2026-46432 (LMDeploy) affects lmdeploy

7.8 CVSS, 6.2 AI score, 0.00142 EPSS
Exploits 0, References 1
AlpineLinux
added 2026/06/04 11:5 p.m., 7 views

CVE-2026-11206

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 5.3 AI score, 0.00229 EPSS
Exploits 0
CNNVD
added 2026/06/04 12:0 a.m., 5 views

SAMSUNG rLottie security vulnerability

SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. A previous version of SAMSUNG rLottie had a security vulnerability caused by uncontrolled recursion, which could lead to th...

6.1 CVSS, 5.3 AI score, 0.00103 EPSS
Exploits 0, References 2
CVE
added 2026/06/02 4:8 p.m., 15 views

CVE-2026-40713

CVE-2026-40713 concerns Dell ThinOS 10, specifically versions prior to ThinOS10_2602_10.0765, with an improper access control vulnerability. The vulnerability allows an unauthenticated attacker who has physical access to potentially cause information exposure. The available documents do not provi...

6.1 CVSS, 5.8 AI score, 0.00152 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2026/06/01 4:53 p.m., 23 views

CVE-2026-45282

This CVE affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2, where an authenticated attacker can access attachments of link shares using a valid share token and a known documentId, bypassing password protection or download restrictions. The vulnerability enables access to attachmen...

6.5 CVSS, 5.7 AI score, 0.00294 EPSS
Exploits 0, References 3, Affected Software 1
CNNVD
added 2026/05/28 12:0 a.m., 7 views

GitButler code injection vulnerability

GitButler is an open-source modern Git version control interface that supports AI workflows. Versions of GitButler prior to 0.19.7 contained a code injection vulnerability. This vulnerability could allow arbitrary scripts to execute in the Tauri webview due to the malicious links present in the...

9.3 CVSS, 6.1 AI score, 0.00515 EPSS
Exploits 0, References 2
Debian
added 2026/05/21 8:38 p.m., 13 views

[SECURITY] [DSA 6289-1] openvpn security update

Debian Security Advisory DSA-6289-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2026 https://www.debian.org/security/faq ...

6.9 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits 0
NVD
added 2026/05/21 6:16 p.m., 22 views

CVE-2026-48237

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

7.1 CVSS, 0.00214 EPSS
Exploits 0, References 3
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in chromium

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

6.5 CVSS, 8.7 AI score, 0.00618 EPSS
Exploits 0, References 2
OSV
added 2026/05/18 5:39 a.m., 4 views

BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits 0, References 2
Microsoft CVE
added 2026/05/17 8:1 a.m., 10 views

etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

...

6.5 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits 0
UbuntuCve
added 2026/05/14 6:16 p.m., 7 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits 0, References 2
AlpineLinux
added 2026/05/14 5:1 p.m., 16 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits 0, References 1
Tenable Nessus
added 2026/05/14 12:0 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...

4.3 CVSS, 5.6 AI score, 0.00225 EPSS
Exploits 0, References 3
CNNVD
added 2026/05/13 12:0 a.m., 10 views

Flight security vulnerability

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the $REQUESTmethod parameter by the Request::getMethod method. This...

7.5 CVSS, 5.8 AI score, 0.0031 EPSS
Exploits 0, References 1
Cvelist
added 2026/05/12 8:21 a.m., 34 views

CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

9.3 CVSS, 0.00487 EPSS
Exploits 0, References 1
EUVD
added 2026/05/08 3:31 p.m., 7 views

EUVD-2025-209743

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8 CVSS, 5.8 AI score, 0.00373 EPSS
Exploits 0, References 2