27 matches found
CVE-2026-31573
In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to __initconst misuse. Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 of_find_matching_node_and_match+0x5c/0x1a0...
Microchip IStaX Security Vulnerability
Microchip IStaX is an Ethernet switch software development platform developed by Microchip Corporation in the United States. Versions of Microchip IStaX prior to version 2026.03 contained security vulnerabilities. These vulnerabilities were caused by the exposure of the cookie key for shared...
CVE-2026-34454
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...
OAuth2 Proxy Code Issue Vulnerability
OAuth2 Proxy is a product developed by the OAuth2 Proxy organization that can provide a reverse proxy for authentication with Google, GitHub, or other providers. Versions of OAuth2 Proxy from 7.11.0 to 7.15.2 had code-related vulnerabilities. This vulnerability stemmed from a regression issue that...
CVE-2026-23624 GLPI is vulnerable to session stealing on externally authenticated user change
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
CVE-2025-69581
An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to...
CVE-2023-31678
Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended...
CVE-2025-4975 Tapo privilege escalation on shared devices using notifications
When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device...
PT-2025-22565 · Tp Link Systems · Tp-Link Tapo Apk
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Tapping a low battery notification on a shared device grants full access to the power settings. This issue affects shared devices, potentially allowing unauthorized access to device settings...
CVE-2025-24973
Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...
CVE-2025-24973 Concorde not removing authentication tokens after logging out
Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...
PT-2025-6251 · Concorde · Concorde
Name of the Vulnerable Software and Affected Versions: Concorde versions prior to 12.25Q1.1 Description: The issue arises from an improper implementation of the logout process, causing authentication credentials to remain in cookies even after a user has explicitly logged out. This may allow an...
PT-2025-6243 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.109.0 through 2025.2.0-alpha.0 Description: Misskey is an open source, federated social media platform. A login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains...
Relationship broken up? Here’s how to separate your online accounts
Breaking up is hard to do. The internet has made it harder. With couples today regularly sharing access to one another’s email accounts, streaming services, social media platforms, online photo albums, and more, the risk of a bad breakup isn’t just heartache. Equipped with unfettered access into...
Improper access control
Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended...