
10983 matches found

NVD
added 2026/04/22 5:16 p.m. | 3 views

CVE-2026-1660

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation...

CVSS 6.5 | EPSS 0.00402
Exploits: 0 | References: 3
CVE
added 2026/04/22 4:5 p.m. | 13 views

CVE-2025-0186

CVE-2025-0186 describes a denial-of-service vulnerability in GitLab CE/EE where an authenticated user could exhaust server resources by crafted requests to a discussions endpoint. Affected versions include all 10.6-era releases before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1. The is...

CVSS 6.5 | AI score 5.8 | EPSS 0.00402
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/04/22 2:16 p.m. | 1 views

CVE-2026-31456

In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault. The splitting of a PUD entry in walk_pud_range() can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. A...

CVSS 4.7 | EPSS 0.00089
Exploits: 0 | References: 4
CVE
added 2026/04/22 1:53 p.m. | 12 views

CVE-2026-31456

CVE-2026-31456 affects the Linux kernel mm/pagewalk: a race between concurrent splitting of a PUD entry in walk_pud_range() and a refault can cause a PMD range to disappear, triggering a kernel BUG during certain NUMA reads with VFIO-PCI DMA setup. The fix validates the PUD entry with a stable sn...

CVSS 4.7 | AI score 5.6 | EPSS 0.00089
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/04/22 1:53 p.m. | 28 views

CVE-2026-31456 mm/pagewalk: fix race between concurrent split and refault

In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault. The splitting of a PUD entry in walk_pud_range() can race with a concurrent thread refaulting the PUD leaf entry causing it to try walking a PMD range that has disappeared. A...

EPSS 0.00089
Exploits: 0 | References: 4
vulnersOsv
added 2026/04/22 12:24 p.m. | 6 views

be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +830 more potentially affected by CVE-2026-22754 via org.springframework.security:spring-security-config (>=7.0.0-M1 <=7.0.4)

org.springframework.security:spring-security-config MAVEN version =7.0.0-M1, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...

CVSS 7.5 | AI score 5.4 | EPSS 0.00216
Exploits: 0
OSV
added 2026/04/22 10:57 a.m. | 5 views

CLSA-2026-1776855452 libsoup: Fix of 2 CVEs

CVE-2026-1801: use CRLF as line boundary when parsing chunked encoding data to prevent HTTP request smuggling via lone LF - CVE-2026-2443: reject Range header ends exceeding content length to prevent out-of-bounds read in byte range handling...

CVSS 6.5 | AI score 5.8 | EPSS 0.0043
Exploits: 0 | References: 1
OSV
added 2026/04/22 10:45 a.m. | 6 views

CLSA-2026-1776854729 libsoup: Fix of 2 CVEs

CVE-2026-1801: use CRLF as line boundary when parsing chunked encoding data to prevent HTTP request smuggling via lone LF - CVE-2026-2443: reject Range header ends exceeding content length to prevent out-of-bounds read in byte range handling...

CVSS 6.5 | AI score 5.8 | EPSS 0.0043
Exploits: 0 | References: 1
EUVD
added 2026/04/22 9:31 a.m. | 2 views

EUVD-2026-24629

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0...

CVSS 5.5 | AI score 5.7 | EPSS 0.00105
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/22 7:22 a.m. | 2 views

CVE-2026-5466

wolfSSL's ECCSI signature verifier wc_VerifyEccsiHash decodes the r and s scalars from the signature blob via mp_read_unsigned_bin with no check that they lie in [1, q-1]. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

CVSS 8.1 | AI score 5.7 | EPSS 0.0012
Exploits: 0 | References: 1
CVE
added 2026/04/22 6:8 a.m. | 13 views

CVE-2026-6840

CVE-2026-6840 describes missing bounds validation for an operator during model loading, enabling an out-of-range operator-code lookup. Affected versions are those prior to commit 1.30.0. The CVSS 3.1 base score is 5.5 (Medium) with Local attack vector, Low attack complexity, No privileges required...

CVSS 5.5 | AI score 5.7 | EPSS 0.00105
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/22 6:8 a.m. | 1 views

CVE-2026-6840

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0...

CVSS 5.5 | AI score 5.7 | EPSS 0.00105
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/04/22 6:8 a.m. | 31 views

CVE-2026-6840

Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0...

CVSS 5.5 | EPSS 0.00105
Exploits: 0 | References: 1
Cvelist
added 2026/04/22 4:28 a.m. | 26 views

CVE-2026-40451

DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...

CVSS 6.1 | EPSS 0.00168
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/22 4:28 a.m. | 3 views

CVE-2026-40451

DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...

CVSS 6.1 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/04/22 4:28 a.m. | 1 views

EUVD-2026-24605

DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...

CVSS 6.1 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 2
CVE
added 2026/04/22 4:28 a.m. | 11 views

CVE-2026-40451

The CVE-2026-40451 entry affects the DeepL Chrome extension, specifically versions 1.22.0 through 1.23.0. It describes a cross-site scripting vulnerability that allows an attacker to execute arbitrary scripts in a user’s browser and inject malicious HTML into pages viewed by the user. The provide...

CVSS 6.1 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 2
EUVD
added 2026/04/22 3:31 a.m. | 5 views

EUVD-2026-24592

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it...

CVSS 6.2 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/22 2:33 a.m. | 3 views

CVE-2026-6386

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it...

AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 2
CNNVD
added 2026/04/22 12:0 a.m. | 7 views

OAuth2 Proxy Security Vulnerability

OAuth2 Proxy is a product developed by OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, Github, or other providers. There were security vulnerabilities in the versions of OAuth2 Proxy from 7.5.0 to 7.15.1. These vulnerabilities stemmed from the possibilit...

CVSS 9.1 | AI score 5.8 | EPSS 0.00422
Exploits: 0 | References: 1