2076 matches found
GHSA-66HX-CHF7-3332 pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)
Summary pyLoad caches role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old revoked privileges until logout/session...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in Apache Tomcat [CVE-2026-24734]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in Apache Tomcat, due to a failure to complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed CVE-2026-24734. Apache Tomcat is used in our speech...
OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach
OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026...
SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:1255-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1255-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta C...
MGASA-2026-0091 Updated openssl packages fix security vulnerabilities
Incorrect Failure Handling in RSA KEM RSASVE Encapsulation. CVE-2026-31790 Potential Use-after-free in DANE Client Code. CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL. CVE-2026-28388 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo. CVE-2026-28389 Possible...
GHSA-96Q5-XM3P-7M84 Vikunja: Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade
Title Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner deletes a link share or...
SUSE-SU-2026:1256-1 Security update for openssl-1_0_0
This update for openssl-100 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientIn...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from defects in the setting coordination process, which treated explicitly empty permission lists as not set...
PT-2026-31945
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without server-side database validation. When a project owner deletes a link share or downgrades its...
USN-8155-2: OpenSSL vulnerabilities
USN-8155-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2026-28387 for openssl in Ubuntu 20.04 LTS. CVE-2026-28388 for openssl and openssl1.0 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS, and CVE-2026-28389 and...
NULL Pointer Dereference When Processing a Delta CRL
...
SUSE CVE-2026-32144
Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...
EUVD-2026-19962
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...
EUVD-2026-19776
File Browser share links remain accessible after Share/Download permissions are revoked...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and download files without authentication by using a valid but outdated...
ALPINE-CVE-2026-28388
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...
CVE-2026-28388
CVE-2026-28388 describes a NULL pointer dereference in OpenSSL delta-CRL processing when the CRL Number extension is missing. Exploitation requires enabling X509_V_FLAG_USE_DELTAS and the presence of a freshestCRL or EXFLAG_FRESHEST; processing a malformed delta CRL can crash an application, caus...
CVE-2026-28388
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...
CVE-2026-35604
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...