2076 matches found
CVE-2026-35604
The CVE affects File Browser prior to v2.63.1 where public share links created by a user remain accessible to unauthenticated users after the share and download permissions are revoked. The root cause is that the public share download handler does not re-check the share owner’s current permission...
EEF-CVE-2026-32144 OCSP designated-responder authorization bypass via missing signature verification
Summary Improper Certificate Validation vulnerability in Erlang OTP public\key pubkey\ocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public\key:pkix\ocsp\validate/5 does not verify that a CA-designated responde...
CVE-2026-28388
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...
UBUNTU-CVE-2026-28388
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...
PT-2026-31037
Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description A NULL pointer dereference can occur during the processing of a delta CRL containing a Delta CRL Indicator extension if the required CRL Number extension is missing. This can lead to a denial of...
JLSEC-2026-57
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser...
openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20444-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20444-1 advisory. Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. - CVE-2025-55754:...
OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation
Summary Gateway device.token.rotate does not terminate active WebSocket sessions after credential rotation Current Maintainer Triage - Status: open - Normalized severity: low - Assessment: v2026.3.28 rotates device tokens without disconnecting already-authenticated WebSocket sessions, which is a...
[SECURITY] Fedora 43 Update: openbao-2.5.2-1.fc43
Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...
CVE-2026-34572
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the...
CVE-2026-34570
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...
📄 listmonk Session Persistence
listmonk has a flaw where sessions persist as valid after password reset and password change. CVE-2026-34828 listmonk’s Session Persistence After Password Reset and Password Change Intro I found this issue while reviewing listmonk, an open-source newsletter and mailing list manager, with a simple...
listmonk's active sessions remain valid after password reset and password change
Summary A session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already obtained a valid session cookie can retain access to the...
GHSA-H5J9-CVRW-V5QH listmonk's active sessions remain valid after password reset and password change
Summary A session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already obtained a valid session cookie can retain access to the...
CVE-2026-34572
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the...
CVE-2026-34570
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...
EUVD-2026-18089
CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...
EUVD-2026-18086
CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...
CVE-2026-34572
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a logic flaw in the...