133 matches found
JLSEC-2026-410
An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers: libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle was previously used to issue a PUT request...
CVE-2026-33575
OpenClaw prior to 2026.3.12 embeds long‑lived shared gateway credentials directly in pairing setup codes generated by /pair and in the OpenClaw QR command. If attackers access leaked setup codes from chat history, logs, or screenshots, they can recover and reuse the shared credential outside the ...
SUSE CVE-2026-33473
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...
CVE-2026-33473
Vikunja (Vikunja) TOTP reuse flaw: 2FA TOTPs can be accepted for multiple sessions if the same timestamped code is reused within the 30‑second window. Root cause is in the TOTP validation path (ValidateTOTPPasscode) which fetches the user’s TOTP secret and validates the provided code, allowing re...
CVE-2026-33473 Vikunja has TOTP Reuse During Validity Window
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...
MiracleLinux 8 : curl-7.61.1-22.el8.3 (AXSA:2022-3782:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3782:01 advisory. curl: OAUTH2 bearer bypass in connection re-use CVE-2022-22576 curl: credential leak on redirect CVE-2022-27774 curl: auth/cookie leak on redirect...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google. Google Chrome Media Stream suffers from a use-after-free vulnerability that originates from re-referencing or using freed memory, which can be exploited by remote attackers to crash an application...
ROS-20251128-04
A vulnerability in the smb2_is_valid_oplock_break function in the fs/smb/client/smb2misc.c module of the Linux kernel's SMB client implementation is related to the reuse of previously freed...
PT-2025-47308
Name of the Vulnerable Software and Affected Versions: Windu CMS version 4.1; Windu CMS (affected versions not specified). Description: Windu CMS has a flaw that allows attackers to perform Cross-Site Request Forgery (CSRF) attacks in the user editing functionality. The existing CSRF protection can be...
CVE-2025-62717
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...
EUVD-2019-3516
Malware in sbrugna...
EUVD-2020-9426
Malware in sbrugna...
EUVD-2021-12340
Malware in sbrugna...
EUVD-2016-9551
Malware in sbrugna...
EUVD-2020-24693
Malware in sbrugna...
EUVD-2025-29257
Malicious code in bioql PyPI...
Insufficient Session Expiration
Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration via insecure session handling in prebuilt workspaces. An attacker can gain unauthorized access to other users' workspaces by reusing unexpired session tokens exposed through...
Adobe InDesign Desktop Post-Release Reuse Vulnerability (CNVD-2025-19766)
Adobe InDesign Desktop is desktop publishing (DTP) software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from a use-after-free vulnerability that can be exploited b...
Adobe InDesign Desktop Post-Release Reuse Vulnerability (CNVD-2025-19767)
Adobe InDesign Desktop is desktop publishing (DTP) software developed by Adobe, mainly used for typography design of print and digital publications, including books, magazines, posters, e-books and so on. Adobe InDesign Desktop suffers from a use-after-free vulnerability that can be exploited b...
CVE-2025-55000
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...