2230 matches found
PT-2026-34196
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner id parameter in the request...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007437)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007437 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clipvcc. ioctlATMARPMKIP allocates struct clipvcc and set it...
EUVD-2026-23219
The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-3155 OneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id'
The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
WordPress plugin OneSignal – Web Push Notifications 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-32160
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-32158
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-32159
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-26172
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-26167
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
MAL-2026-2687 Malicious code in com.baogong.app_push_permission (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93345e918d93e3cd492384a72e95c8e9ce9cafec610ce022b3b19493edb68780 The package com.baogong.apppushpermission was found to contain malicious code. Source: ghsa-malware...
Malicious code in @jesusvizcaino2021/com.baogong.app-push-permission (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 457170b51d87c7f84644a72a71a9979508a99061e7e8fdee3aa8c2e170493b12 The package @jesusvizcaino2021/com.baogong.app-push-permission was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2916 Malicious code in @jesusvizcaino2021/com.baogong.app-push-permission (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 457170b51d87c7f84644a72a71a9979508a99061e7e8fdee3aa8c2e170493b12 The package @jesusvizcaino2021/com.baogong.app-push-permission was found to contain malicious code. Source: ossf-package-analysis...
curl: lib/http2.c: SSL connections accept non-HTTP push schemes (incomplete fix for 2e8c922a)
Summary: settransferurl in lib/http2.c validates the :scheme pseudo-header of PUSHPROMISE frames only when !viasslconn — a guard added by commit 2e8c922a to block non-TLS connections from accepting TLS-scheme pushes. The symmetric case was not addressed: over TLS, viasslconn is TRUE, the guard at...
EUVD-2026-22547
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
EUVD-2026-22546
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
EUVD-2026-22549
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
EUVD-2026-22396
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
EUVD-2026-22406
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...
CVE-2026-32160
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Push Notifications allows an authorized attacker to elevate privileges locally...