615 matches found
dataspace-portal 安全漏洞
Dataspace-portal is an open-source data space management portal developed by Sovity. Versions of Dataspace-portal from 2.1.1 to 7.3.2 had security vulnerabilities, which were caused by insufficient authorization for self-registered “PENDING” organization/user accounts...
PT-2026-39190
Name of the Vulnerable Software and Affected Versions Data Space Portal versions 2.1.1 through 7.3.1 Description Data Space Portal is an open-source Software as a Service SaaS solution for Dataspace management. The backend contains insufficient authorization regarding self-registered organization...
GHSA-QXRW-F6FH-34R7 Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Summary The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...
CVE-2026-43219
In the Linux kernel, the following vulnerability has been resolved: net: cpswnew: Fix potential unregister of netdev that has not been registered yet If an error occurs during registernetdev for the first MAC in cpswregisterports, even though cpsw-slaves0.ndev is set to NULL, cpsw-slaves1.ndev...
Improper Authentication
Overview github.com/pocketbase/pocketbase/forms is a realtime backend in 1 file Affected versions of this package are vulnerable to Improper Authentication in the OAuth2 autolinking process. An attacker can gain unauthorized access to a victim's account by pre-registering an unverified user with...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the OAuth2 autolinking process. An attacker can gain unauthorized access to a victim's account by pre-registering an unverified user with the victim's email address using one OAuth2 provider, and then waiting...
CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...
Text::CSV_XS -- CWE-825 Expired Pointer Dereference
H.Merijn Brand - Tux reports: Text::CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getlineall methods invoke registered callbacks for example...
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the parsemessage function when the NegoEx mechanism is registered in /etc/gss/mech. An attacker can cause process termination by sending specially crafted requests with a short headerlen that...
EUVD-2026-25469
In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free memory after the device is registered in hackrfprobe In hackrf driver, the following race condition occurs: CPU0 CPU1 hackrfprobe kzalloc; // alloc hackrfdev .... v4l2deviceregister; .... fd =...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013815)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013815 advisory. In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010905)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010905 advisory. In the Linux kernel, the following vulnerability has been resolved: mailbox: zynq-ipi: fix error handling while deviceregister fails If deviceregister fails, it has...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010800)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010800 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsprecv can be called even when the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007576)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007576 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: defer registered files gc to iouring release Instead of putting iouring's...
Decidim amendments can be accepted or rejected by anyone
Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...
Decidim amendments can be accepted or rejected by anyone
Impact The vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as...
CVE-2026-33005
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID metadata only NOT contents. Metadata includes id, type, name and some other field. Full list of fields...
Apache OpenMeetings 安全漏洞
Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system developed by the Apache Foundation in the United States. This product supports audio and video capabilities, and allows users to view the desktops of each participant. Prior to Apache OpenMeetings 9.0....
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the requestEmailChange mutation. An attacker can determine whether specific email addresses are registered by analyzing the differences in error messages returned by the system. Remediation A fix was pushed into...
CVE-2026-39397
The CVE affects the @delmaredigital/payload-puck PayloadCMS plugin (prior to 0.6.23). The /api/puck/* CRUD endpoints registered by createPuckPlugin() bypassed collection-level access controls due to overrideAccess: true, allowing unauthenticated access to Puck-registered collections. Fixed in 0.6...