20 matches found
CVE-2026-22726
Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...
PT-2026-43372
A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross-site scripting. The attack can be carried...
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
Summary Browser press/type interaction routes missed complete navigation guard coverage. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Some browser press/type style interactions could trigger navigation without complete post-action SSRF...
GHSA-VQX2-FGX2-5WQ9 Official Clerk JavaScript SDKs: Middleware-based route protection bypass
Summary createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. Sessions are not compromised and no existing user can be impersonated - the bypass only affects the...
Fedora 43 : apt / python-apt (2026-1c47e433df)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-1c47e433df advisory. Update to latest upstream release apt 3.1.15 and python-apt 3.1.0 ---- Update to latest upstream release apt 3.1.15, also fix build problem with previous...
CVE-2021-41278
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
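Both Information Exposure entries above describe the same class of bug: a login endpoint whose failure response depends on whether the username exists. The following script is an added example, not code from Gitea, Snyk, or this listing. It takes two captured failed-login responses (one for a username known to exist, one for a username known not to exist), masks fields that legitimately vary per request, and reports every remaining difference in status, headers, body or timing, since any such difference is an enumeration oracle. The sample responses, their message strings and timings are constructed for illustration and do not reproduce any real product's output.

```python
"""Added example: detect a username-enumeration oracle in failed-login responses.

Compare one failed authentication attempt for a username that exists with one
for a username that does not. After masking volatile data (dates, request ids,
cookies), any difference that remains lets an attacker enumerate accounts.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Response:
    """Minimal captured HTTP response; fields mirror what a proxy would log."""
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""
    elapsed_ms: float = 0.0


# Header names that legitimately vary per request and must not count as a leak.
VOLATILE_HEADERS = {"date", "x-request-id", "set-cookie", "content-length", "etag"}

# Body fragments that vary per request; each match is replaced by a placeholder.
VOLATILE_BODY = [
    re.compile(r'"request_id"\s*:\s*"[^"]*"'),                       # JSON request ids
    re.compile(r"\b\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?Z?\b"),  # ISO timestamps
    re.compile(r"\b[0-9a-f]{32}\b"),                                   # hex tokens
]


def mask_body(body: str) -> str:
    """Replace per-request noise in a body so two bodies can be compared."""
    for pattern in VOLATILE_BODY:
        body = pattern.sub("<volatile>", body)
    return body


def stable_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Lower-case header names and drop the ones that vary per request."""
    return {k.lower(): v for k, v in headers.items() if k.lower() not in VOLATILE_HEADERS}


def find_leaks(existing: Response, missing: Response, timing_threshold_ms: float = 50.0) -> List[str]:
    """Return a list of differences between the two failed-login responses.

    Each entry starts with the channel that leaks ("status", "headers", "body",
    "timing"). An empty list means the endpoint is indistinguishable for the
    two usernames, at least for this pair of captures.
    """
    leaks: List[str] = []
    if existing.status != missing.status:
        leaks.append(f"status: {existing.status} vs {missing.status}")

    he, hm = stable_headers(existing.headers), stable_headers(missing.headers)
    differing = sorted(k for k in set(he) | set(hm) if he.get(k) != hm.get(k))
    if differing:
        leaks.append("headers: " + ", ".join(differing))

    be, bm = mask_body(existing.body), mask_body(missing.body)
    if be != bm:
        leaks.append(f"body: {be!r} vs {bm!r}")

    # A password hash is usually only computed for existing users, which shows
    # up as a timing gap even when status and body are identical.
    delta = abs(existing.elapsed_ms - missing.elapsed_ms)
    if delta > timing_threshold_ms:
        leaks.append(f"timing: {delta:.0f}ms difference")
    return leaks


# Constructed sample captures (hypothetical; not real Gitea responses).
COMMON_HEADERS = {"Content-Type": "application/json", "WWW-Authenticate": 'Basic realm="api"'}

LEAKY_EXISTING = Response(401, {**COMMON_HEADERS, "Date": "Mon, 01 Jan 2024 00:00:01 GMT"},
                          '{"message":"invalid password","request_id":"a1b2"}', 95.0)
LEAKY_MISSING = Response(401, {**COMMON_HEADERS, "Date": "Mon, 01 Jan 2024 00:00:02 GMT"},
                         '{"message":"user does not exist","request_id":"c3d4"}', 9.0)

SAFE_EXISTING = Response(401, {**COMMON_HEADERS, "Date": "Mon, 01 Jan 2024 00:00:03 GMT",
                               "Set-Cookie": "sid=1; HttpOnly"},
                         '{"message":"invalid credentials","request_id":"e5f6"}', 95.0)
SAFE_MISSING = Response(401, {**COMMON_HEADERS, "Date": "Mon, 01 Jan 2024 00:00:04 GMT",
                              "Set-Cookie": "sid=2; HttpOnly"},
                        '{"message":"invalid credentials","request_id":"0718"}', 93.0)

if __name__ == "__main__":
    print("leaky endpoint:", find_leaks(LEAKY_EXISTING, LEAKY_MISSING))
    print("hardened endpoint:", find_leaks(SAFE_EXISTING, SAFE_MISSING))
```

The remediation the entries point to (upgrading the package) removes the body difference; the timing check is included because a server that short-circuits before hashing for unknown users still leaks, and that only becomes visible when several captures per username are averaged rather than compared once.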
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization when deleting releases. Remediation Upgrade code.gitea.io/gitea/services/release to version 1.25.2 or higher. References - Gitea Release - GitHub Commit - GitHub PR - GitHub PR - GitHub Release - Red Hat Bugzilla...
CVE-2025-66016 CGGMP24 is missing a check in the ZK proof used in CGGMP21
CGGMP24 is a state-of-the-art ECDSA TSS protocol that supports 1-round signing (requiring 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full...
SonicWall Email Security Affected By Multiple Vulnerabilities
1. CVE-2025-40604 - Download of Code Without Integrity Check Vulnerability: the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system...
CVE-2025-35112
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...
PT-2025-3738
Name of the Vulnerable Software and Affected Versions: Abacus ERP versions prior to 2024.210.16036 Abacus ERP versions prior to 2023.205.15833 Abacus ERP versions prior to 2022.105.15542 Description: The issue is an authenticated arbitrary file read vulnerability. This means that an attacker who...
SUSE: Security Advisory (SUSE-SU-2024:1122-1)
The remote host is missing an update for the ... (SPDX-FileCopyrightText: 2024 Greenbone AG; some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders; SPDX-License-Identifier: GPL-2.0-only)...
SUSE-SU-2024:1160-1 Security update for go1.22
This update for go1.22 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400) Other changes: - go minor release upgrade to 1.22.2 (bsc#1218424)...
SUSE-SU-2024:1122-1 Security update for go1.21
This update for go1.21 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400) Other changes: - go minor release upgrade to 1.21.9 (bsc#1212475)...
CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. All users of...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.8.34 packages update
Red Hat OpenShift Container Platform release 4.8.34 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premises or private cloud deployments. This...
Scientific Linux Security Update : GNOME on SL7.x x86_64 (20181030)
Security Fixes: - libsoup: Crash in soup-cookie-jar.c:get_cookies() on empty hostnames (CVE-2018-12910) - poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph function allows denial of service (CVE-2017-18267) - libgxps: heap based buffer over read in ft_font_face_hash function of...
FreeBSD Security Advisory (FreeBSD-SA-11:05.unix.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:05.unix.asc. OpenVAS Vulnerability Test for ADV FreeBSD-SA-11:05.unix.asc. Description: Auto generated from ADV FreeBSD-SA-11:05.unix.asc. Authors: Thomas Reinke. Copyright: Copyright (c) 2011 E-Soft...