37 matches found
EUVD-2026-29242
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information...
CVE-2026-33180 HAPI FHIR HTTP authentication leak in redirects
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...
HAPI FHIR HTTP authentication leak in redirects
When setting headers in HTTP requests, the internal HTTP client sends the headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host named in the URL of the Location: response header value. Sending the same set of headers ...
CVE-2026-27839 wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritional_values action endpoints fetch objects via Model.objects.get(pk=pk) — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...
EUVD-2026-8859
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The user_field_ids parameter ...
Apple macOS Security Vulnerability
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.3 and earlier contained a security vulnerability caused by improper editing of privacy data, which could allow applications to access user contact information...
CVE-2026-22996
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv. mlx5e_priv is an unstable structure that can be memset to 0 if profile attaching fails; the mlx5e_priv in the mlx5e_dev devlink private data is used to reference the netdev and mdev associate...
CVE-2025-15523
The macOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...
Utarit SoliClub Security Vulnerability
Utarit SoliClub is a mobile application from Utarit, Inc. A security vulnerability exists in Utarit SoliClub versions prior to 5.3.7, which stems from the disclosure of private personal information and may result in the querying of system information...
CVE-2025-43502
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, Safari 26.1. An app may be able to bypass certain Privacy preferences...
About the security content of Safari 26.1
About the security content of Safari 26.1 This document describes the security content of Safari 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
PT-2025-43448
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: A flaw exists in Moodle that allows users with permission to create calendar events to view the names of hidden groups, even if they do not have permission to view those groups. This can lead ...
SoK: Machine Unlearning for Large Language Models
Large language model (LLM) unlearning has become a critical topic in machine learning, aiming to eliminate the influence of specific training data or knowledge without retraining the model from scratch. A variety of techniques have been proposed, including Gradient Ascent, model editing, and...
macOS 14.x < 14.7.3 Multiple Vulnerabilities (122069)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.7.3. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS...
Dahua Security Cameras Improper Authentication (CVE-2017-9316)
A firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some other IP products. The vulnerability was caused by an internal debug function. This particular function was used for problem analysis and performance tuning during the product development phase. It allowed the device...
ALPINE-CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2024-1592
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated...