authentik 安全漏洞

Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.12.5, as well as versions from 2026.2.0-rc1 to 2026.2.2, contained security vulnerabilities. These vulnerabilities stemmed from the PATCH /api/v3/core/users/pk/ API, which...

PT-2026-42711

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Constraint extensions, such as [email protected], were not serialized in requests when adding a key to a remote agent. This caused destination...

Astra Linux – Vulnerability in Jackson-Databind

FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS...

Astra Linux - уязвимость в jackson-databind

FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS...

Astra Linux – Vulnerability in Jackson-Databind

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed races between xattrset|get and listxattr operations. Some issues may occur when performing concurrent xattrset|get and listxattr operations, such as assertion failures, memory corruption, and stale xattr values1. Thi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: spidev: fixed the lock inversion between spilock and buflock. The spidev driver previously used two mutexes, spilock and buflock, but their acquisition was done in different orders depending on the code path: - write/read:...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Serialization. The supported versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable...

Astra Linux - уязвимость в logback

A serialization vulnerability in the logback receiver component, as part of logback version 1.4.11, allows an attacker to carry out a Denial-of-Service attack by sending poisoned data...

NVIDIA TRT-LLM 代码问题漏洞

NVIDIA TRT-LM is a high-performance inference framework developed by NVIDIA Corporation for optimizing the inference acceleration and deployment of large language models. NVIDIA TRT-LM has code-related vulnerabilities, including deserialization vulnerabilities and insecure serialization handles,...

libssh: Double Free Vulnerability in libssh Key Export Functions

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additiona...

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

SUSE-SU-2026:21814-1 Security update for valkey

This update for valkey fixes the following issues - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts bsc1258746. - CVE-2026-21863: denial of service via invalid clusterbus packet bsc1258788. - CVE-2026-23479: use-after-free in unblock client...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerabilities in IBM® Db2® 12.1.3 and earlier affect IBM® Db2® Big SQL on IBM Cloud Pak for Data 5.3 and earlier. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remot...

PT-2026-41399

Name of the Vulnerable Software and Affected Versions simplesamlphp-module-casserver versions prior to 7.0.3 Description The software builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Publ...

NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable

NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable vulnerability discovered by ? in WordPress Npm svelte versions = 5.46.0, = 5.55.6...

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper serialization of hydratable promises. An attacker can execute arbitrary scripts in the context of the affected application by supplying specially...

GHSA-F3CJ-J4F6-WQ85 Svelte: SSR XSS via Insecure Promise Serialization in hydratable

Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...

Svelte: SSR XSS via Insecure Promise Serialization in hydratable

Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...

Exploit for CVE-2026-44403

Wing FTP Server v8.1.2 contains a Remote Code Execution RCE vu...