CVE-2026-8208

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in...

Improper Encoding or Escaping of Output

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output the styleObjectForEach and jsxAttr style serialization paths in the JSX runtime. An attacker can inject arbitrary CSS declarations by supplying...

PT-2026-39334

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs sbi client send via scp or sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named...

PT-2026-39424

Name of the Vulnerable Software and Affected Versions OSGeo gdal versions prior to 3.13.0RC1 Description A heap-based buffer overflow exists in the SWSDfldsrch function within the frmts/hdf4/hdf-eos/SWapi.c file. This issue can be triggered through local access by executing a manipulation...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fbdisplayi-mode to NULL when the mode is released CVE-2025-40323 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 In the Linux kernel, the...

Important: kernel-livepatch-5.10.248-247.988

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...

Fedora 42 : openssl (2026-7af660d639)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7af660d639 advisory. Validate RSApublicencrypt result in RSASVE Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVE-2026-42354

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity...

CVE-2026-42456 AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the POST /oauth2/token parser process. An attacker can cause repeated panics and degrade service availability by sending specially crafted form-encoded requests with...

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Summary free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks , ok =...

Improper Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions through improper handling of notification delivery failures in the FlushNotifications process. An attacker can cause the service to terminate unexpectedly by supplying a crafted notifyUri that...

GHSA-27PH-8Q4F-H7M7 free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions

Summary free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if the subscription does not exist, ReplaceIndividualSubcription writes back ...

free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference

Summary free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents entries supply an afAppId but NO AfRoutReq. The create path then calls...

GHSA-WWQH-7JM5-GJ7W free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference

Summary free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" enabling traffic-routing feature negotiation and whose medComponents entries supply an afAppId but NO AfRoutReq. The create path then calls...

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the HandleCreateSmPolicyRequest process when a downstream OpenAPI consumer call returns a 404 error and the response struct is nil. An attacker can cause the application to panic a...

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the PATCH process to /api/v1/users/id when the permissions array is not properly restricted. An attacker can gain unauthorized administrative...

Improper Handling of Inconsistent Special Elements

Overview Affected versions of this package are vulnerable to Improper Handling of Inconsistent Special Elements due to inconsistent handling of negation operators in glob pattern processing. An attacker can cause unintended rule matching or bypass intended restrictions by crafting layouts that ar...

EUVD-2026-28838

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...