RockyLinux 10 : tomcat (RLSA-2026:19054)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19054 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description blo...

CVE-2026-9097

Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken function in object/tokenoauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revok...

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

CVE-2026-48726

CVE-2026-48726 describes a bug in Apache Airflow where the logout flow for FabAuthManager and KeycloakAuthManager does not reach revoke_token(), leaving previously issued JWTs valid until expiry. This creates a residual gap after CVE-2025-57735 where cookie-side invalidation was addressed but pro...

CVE-2026-48726 Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

EUVD-2026-33581

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

CVE-2026-48726 Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

Apache Airflow code vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the authentication...

CVE-2026-48811 FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

CVE-2026-48811

FreeScout (Laravel) contains a vulnerability where a non-admin can permanently delete an internal note (private thread) in any conversation, even after mailbox access is revoked. The root cause is the ThreadPolicy::delete authorization not verifying mailbox membership, allowing former members to ...

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

EUVD-2026-33437

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

CVE-2026-48811 FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

CVE-2026-44648

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

CVE-2026-44648

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

RLSA-2026:19054 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

[SECURITY] Fedora 44 Update: openbao-2.5.4-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...