CVE-2026-27792

CVE-2026-27792 affects Seerr, a media request/discovery manager. A missing authorization flaw on several pushSubscription API routes (due to absent isOwnProfileOrAdmin() middleware) allows authenticated users to access/modify other users’ data. Affected versions are 2.7.0–before 3.1.0; version 3....

CVE-2026-27792

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...

CVE-2026-27792 Seerr missing authentication on pushSubscription endpoints

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...

CVE-2026-27792 Seerr missing authentication on pushSubscription endpoints

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...

EUVD-2026-9054

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...

CVE-2026-27792 Seerr missing authentication on pushSubscription endpoints

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

PT-2026-22381

Name of the Vulnerable Software and Affected Versions Seerr versions prior to 3.1.0 Description Seerr, an open-source media request and discovery manager for Jellyfin, Plex, and Emby, contains a flaw where authenticated users can access and modify data belonging to other users. This is due to the...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

CVE-2026-1999

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...

PT-2026-20504

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable auto merge mutation for pull requests. This issue only...

SUSE CVE-2025-71222

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skbpush This avoids occasional skbunderpanic Oops from wl1271txwork. In this case, headroom is less than needed typically 110 - 94 = 16 bytes...

CVE-2025-71222

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skbpush This avoids occasional skbunderpanic Oops from wl1271txwork. In this case, headroom is less than needed typically 110 - 94 = 16 bytes...

CVE-2025-71222

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skbpush This avoids occasional skbunderpanic Oops from wl1271txwork. In this case, headroom is less than needed typically 110 - 94 = 16 bytes...

UBUNTU-CVE-2025-71222

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skbpush This avoids occasional skbunderpanic Oops from wl1271txwork. In this case, headroom is less than needed typically 110 - 94 = 16 bytes...

CVE-2025-71222

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: ensure skb headroom before skbpush This avoids occasional skbunderpanic Oops from wl1271txwork. In this case, headroom is less than needed typically 110 - 94 = 16 bytes...

CVE-2025-71222

CVE-2025-71222 (Linux kernel) : Affects the wifi wlcore path. The issue arises from an insufficient skb headroom check before skb_push, causing an skb_under_panic Oops in wl1271_tx_work when headroom is insufficient (typical 110 vs 94, leaving 16 bytes). The fix ensures proper headroom before skb...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from failing to ensure sufficient space for the skb header before calling skbpush. This vulnerability...