28972 matches found
CVE-2026-5512 Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API
An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error...
CVE-2026-6058
UNSUPPORTED WHEN ASSIGNED An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00ABDV.3C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service DoS condition in the web management interface by convincing an authenticated...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013208)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013208 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Cali...
EUVD-2026-23980
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...
MINI-V65C-8PGM-RM95
Bulletin has no description...
CVE-2026-5928
Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially...
CVE-2026-35603
Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...
Security update for ncurses
This update for ncurses fixes the following issue: CVE-2025-69720: buffer overflow in function analyzestringof progs/infocmp.c bsc1259924. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can...
PT-2026-33852
Name of the Vulnerable Software and Affected Versions gnu C Library versions prior to 2.44 Description Calling the ungetwc function on a FILE stream with wide characters encoded in a character set with overlaps between single byte and multi-byte character encodings can lead to an attempt to read...
GNU C Library 安全漏洞
The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library 2.43 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of the ungetwc function on character sets with...
PT-2026-33634
Name of the Vulnerable Software and Affected Versions UltraDAG version 0.1 Description A non-council attacker can submit a signed 'SmartOp::Vote' transaction that successfully passes signature, nonce, and balance prechecks. However, the authorization check fails only after state mutation has...
bounty-stack
No d...
GHSA-5CWG-9F6J-9JVX Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
On Windows, Claude Code loaded system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory...
CVE-2026-35603
Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...
CVE-2026-35603
CVE-2026-35603 affects Claude Code on Windows prior to 2.1.75. The issue arises when Claude Code loads the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or permissions. Since ProgramData is writable by non-admins by d...
CVE-2026-35603
Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...
SUSE CVE-2026-40918
A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service DoS. This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted P...
Building your cryptographic inventory: A customer strategy for cryptographic posture management
Post-quantum cryptography PQC is coming—and for most organizations, the hardest part won’t be choosing new algorithms. It will be finding where cryptography is used today across applications, infrastructure, devices, and services so teams can plan, prioritize, and modernize with confidence. At...
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity
OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber TAC program to thousands of verified experts...
CVE-2026-41015
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...