Lucene search

18 matches found

Snyk
added 2026/05/18 9:45 a.m. | 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the invite confirmation process due to insufficient validation of the RefreshedToken. An attacker can bypass intended token rotation and reuse an original invite token by sending a crafted invite confirmation...

CVSS 6.3 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2
CNNVD
added 2026/05/18 12:0 a.m. | 4 views

Mattermost security vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from the lack of verification...

CVSS 4.3 | AI score 5.9 | EPSS 0.00033
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/24 1:48 a.m. | 3 views

CVE-2026-25988 ImageMagick's MSL image stack index not refreshed, leading to leaked images.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is stored in the wrong slot and never freed on error, causing leaks. Versions 7.1.2-15 and 6.9.13-4...

CVSS 5.3 | AI score 5.9 | EPSS 0.00025
Exploits: 0 | References: 1
OSV
added 2026/02/20 3:32 p.m. | 3 views

CLSA-2026-1771601553 Fix CVE(s): CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945

OpenJDK 8u482 release + CVE-2026-21945: enhance Certificate Checking + CVE-2026-21932: enhance Handling of URIs + CVE-2026-21933: improve HttpServer Request handling + CVE-2026-21925: improve JMX connections - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html...

CVSS 7.5 | AI score 6.4 | EPSS 0.00089
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/28 10:0 p.m. | 6 views

CVE-2025-62781

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

CVSS 5 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/18 12:29 p.m. | 9 views

CVE-2025-10290

Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS...

CVSS 6.5 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 1
CNNVD
added 2025/03/06 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from mac80211 Unuploaded STA may cause a crash when refreshed...

CVSS 5.5 | AI score 6.5 | EPSS 0.00018
Exploits: 0 | References: 6
OSV
added 2024/04/11 6:18 p.m. | 6 views

USN-6727-2 nss regression

USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that NSS incorrectly handled...

AI score 5.8
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 3:46 a.m. | 1 views

SUSE CVE-2021-22134

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been...

CVSS 4.3 | AI score 8.3 | EPSS 0.00165
Exploits: 0 | References: 3
MSRC
added 2023/02/08 8:0 a.m. | 10 views

New MSRC Blog Site

We are excited to announce the release of the new Microsoft Security Response Center MSRC blog site. Please visit msrc.microsoft.com/blog/ starting February 9th, 2023, for all past and future MSRC blog content. In addition to the new URL, we have refreshed the site with a new look and improved si...

AI score 6.8
Exploits: 0
Microsoft KB
added 2022/06/14 7:0 a.m. | 110 views

.NET Core 3.1 Update: June 14, 2022 (KB5015424)

.NET Core 3.1 Update: June 14, 2022 KB5015424 .NET Core 3.1 has been refreshed with the latest update as of June 14, 2022. This update contains security and other non-security fixes. See the release notes for details on updated packages. .NET Core 3.1 servicing updates are upgrades, that is, the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00782
Exploits: 0
Microsoft CVE
added 2021/12/01 8:0 a.m. | 3 views

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view.

...

CVSS 4.3 | AI score 7 | EPSS 0.00165
Exploits: 0
OSV
added 2021/03/08 9:15 p.m. | 0 views

UBUNTU-CVE-2021-22134

A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been...

CVSS 4.3 | AI score 7 | EPSS 0.00165
Exploits: 0 | References: 2
OSV
added 2021/02/02 5:58 p.m. | 3 views

USN-4719-1 ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle...

AI score 5.8
Exploits: 0 | References: 2
vulnersOsv
added 2020/09/01 7:49 p.m. | 0 views

snowmaker (>=0.1.1 <=0.1.5), snowmaker-refreshed (=1.0.1) potentially affected by unknown CVE via codify (=0.3.0)

codify NPM version =0.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on codify and may be impacted: - snowmaker =0.1.1, =0.1.5 - snowmaker-refreshed =1.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-2Q6W-RXF3-4WC9...

AI score 5.8
Exploits: 0
OSV
added 2020/01/21 4:15 p.m. | 2 views

CVE-2019-3864

A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to...

CVSS 8.8 | AI score 6.4 | EPSS 0.00158
Exploits: 0 | References: 1
Tenable Nessus
added 2014/06/13 12:0 a.m. | 28 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0174-1)

Fix a file conflict between -devel and -headless package - Update to 2.4.4 bnc858818 - changed from xz to gzipped tarball as the first was not available during update - changed a keyring file due release manager change new one is signed by 66484681 from [email protected], see...

CVSS 10 | AI score 6.2 | EPSS 0.16596
Exploits: 1 | References: 19
Kitploit
added 2014/01/08 6:35 a.m. | 639 views

[MoonSols] Windows Memory Toolkit

MoonSols Windows Memory Toolkit is a powerful toolkit containing all the utilities needed to perform any kind of memory acquisition or conversion during an incident response, or a forensic analysis for Windows desktops, servers or virtualized environment. The version 2.0 is a refresh and updated...

AI score 7
Exploits: 0