6529 matches found
Updated roundcubemail packages fix security vulnerability
SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke And some regressions from the last fix are fixed...
[SECURITY] [DSA 6197-2] dovecot regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-6197-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 06, 2026 https://www.debian.org/security/faq -...
Fedora 42 : libopenmpt (2026-e2621c29b2)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e2621c29b2 advisory. Update from 0.8.5 to 0.8.6 to fix regression: https://lib.openmpt.org/libopenmpt/2026/03/24/security-updates-0.8.6-0.7.19-0.6.28-0.5.42-0.4.54/ ---- Potentia...
Improving ML Attacks on LWE with Data Repetition and Stepwise Regression
The Learning with Errors LWE problem is a hard math problem in lattice-based cryptography. In the simplest case of binary secrets, it is the subset sum problem, with error. Effective ML attacks on LWE were demonstrated in the case of binary, ternary, and small secrets, succeeding on fairly sparse...
EUVD-2026-17818
A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...
curl: Cookie attribute TAB injection regression in Set-Cookie parsing
Overview | | | |---|---| | Component | lib/cookie.c — parsecookieheader | | Type | Security regression incomplete input validation | | CWE | CWE-20 Improper Input Validation | | Severity | LOW CVSS 3.1 estimated 3.7, comparable to CVE-2022-35252 | | Affected | curl 8.18.0 through current HEAD | |...
CVE-2026-4748
A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...
CVE-2026-4748
A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...
CVE-2026-4748 pf silently ignores certain rules
A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the...
GHSA-68F8-9MHJ-H2MP OpenClaw has a Gateway HTTP /v1/models Route Bypasses Operator Read Scope
Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The OpenAI-compatible HTTP endpoint /v1/models accepts bearer auth but does not enforce operator method scopes. In contrast, the WebSocket RPC path enforces operator.read for models.list. A caller connected with operator.approvals...
CVE-2026-25704
The CVE-2026-25704 entry concerns cosmic-greeter and describes a TOCTOU race condition that can allow a local attacker to regain privileges that should have been dropped due to incomplete privilege dropping in the GetUserData flow. Multiple connected feeds corroborate that the issue affects cosmi...
curl: HTTP/2 PUSH_PROMISE header loss on OOM bypasses scheme validation (regression of 2e8c922a89)
Summary: In lib/http2.c:1490, when curlmaprintf fails due to memory pressure, the push promise header is silently dropped but the callback returns success. If the lost header is the :scheme pseudo-header, the security check at line 733 that blocks HTTPS pushes over insecure connections is skipped...
Context-Aware Phishing Email Detection Using Machine Learning and NLP
Phishing attacks remain among the most prevalent cybersecurity threats, causing significant financial losses for individuals and organizations worldwide. This paper presents a machine learning-based phishing email detection system that analyzes email body content using natural language processing...
CVE-2026-27859
A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
CVE-2026-24031
Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...
CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
CVE-2026-24031
Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...
Fedora: Security Advisory (FEDORA-2026-f9d2152328)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-PW7H-9G6P-C378 OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Summary Tlon settings reconciliation treated explicit empty allowlists as unset, which could silently undo an intended deny-all revocation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
OpenClaw: Tlon settings empty-allowlist reconciliation bypassed intended revocation
Summary Tlon settings reconciliation treated explicit empty allowlists as unset, which could silently undo an intended deny-all revocation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...