1389799 matches found
GHSA-CRH6-FP67-6883 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard...
EUVD-2026-25018
id: groups= computed from real GID instead of effective GID...
EUVD-2026-24988
mkdir: -m exposes directory with umask perms before chmod race window...
CVE-2026-55727
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...
CVE-2026-55727
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...
EUVD-2026-41923
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...
CVE-2026-55727
CVE-2026-55727 affects Genetec Security Center 5.14.0.0 (before build 5.14.178.18). A flaw in the authentication mechanism for video stream requests may allow an unauthenticated attacker to access live video streams. The CVSSv3.1 base score is 7.5 (HIGH) with network attack vector and no user int...
CVE-2026-13769
A flaw was found in AWS CLI. Overly permissive file permissions on Unix-like systems, where the umask has not been configured to restrict file permissions, may allow other local users on the same host to read credentials. This occurs when certain AWS CLI subcommands, such as aws codeartifact logi...
CVE-2026-41516
OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) contains a vulnerability in the Hisilicon HPRE PKCS#1 v1.5 RSA decryption path. From version 4.5.0 up to, but not including, 4.11.0, the RSA PKCS#1 v1.5 decryption implementation uses non-constant-time memcmp() for label hash verif...
CVE-2026-58403
Hugo (static site generator) vulnerable from v0.123.0 through v0.163.0. A regression in RootMappingFs.statRoot caused it to call Stat (which follows symlinks) instead of Lstat, enabling os.ReadFile on a symlink to read the target file outside the mount. This could let a symlink inside a theme or ...
EUVD-2026-41904
Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...
GHSA-JV8R-GQR9-68WJ
creationtimestamp| type| source ---|---|--- 2026-07-06 19:19:40+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mpysnxoqkx22 2026-07-07 00:01:32+00:00| seen| https://bsky.app/profile/slackers.it/post/3mpzcfyt62f2d...
GHSA-PJMC-GX33-GC76
creationtimestamp| type| source ---|---|--- 2026-07-06 19:19:40+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mpysnxoqkx22 2026-07-07 00:01:32+00:00| seen| https://bsky.app/profile/slackers.it/post/3mpzcfyt62f2d...
CVE-2026-54291
CVE-2026-54291 affects pgjdbc (OpenJDK PostgreSQL JDBC Driver) in versions 42.7.4–42.7.11. The issue allows a silent downgrade of channelBinding from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256 when an attacker can intercept TLS and presents a certificate whose signature algorithm lacks a tls-serve...
CVE-2026-55379
Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...
CVE-2026-55380 Pillow GdImageFile decompression bomb protection bypass
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
container-tools:rhel8 security update
An update is available for module.netavark, module.runc, slirp4netns, module.libslirp, criu, module.udica, module.oci-seccomp-bpf-hook, udica, toolbox, netavark, container-selinux, module.python-podman, module.crun, python-podman, module.containers-common, module.conmon, oci-seccomp-bpf-hook,...
CVE-2026-40138
creationtimestamp| type| source ---|---|--- 2026-07-06 17:30:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpymjyjtts2y 2026-07-06 17:42:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyn7p5zhe2z 2026-07-06 17:48:42+00:00| seen|...
ROOT-OS-DEBIAN-12-CVE-2026-7010 CVE-2026-7010 in rootio-perl - Patched by Root
Root has patched CVE-2026-7010 in the rootio-perl package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2023-31486 CVE-2023-31486 in rootio-perl - Patched by Root
Root has patched CVE-2023-31486 in the rootio-perl package for Root:Debian:12. Multiple fixed versions available...