
10270 matches found

CNNVD
added 2026/05/20 12:0 a.m. | 10 views

Trilium Notes Cross-Site Scripting Vulnerability

Trilium Notes is a hierarchical note-taking application developed by Zadam, an individual developer. It focuses on building large-scale personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contain a cross-site scripting vulnerability. This vulnerability stems from deficiencies such as...

CVSS 6.8 | AI score 6.3 | EPSS 0.00288
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/20 12:0 a.m. | 9 views

Fedora 44 : kernel (2026-57965ac9f7)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-57965ac9f7 advisory. The 7.0.9-104/204 kernels contain a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability as well as some mitigations for PinTheft. Tenable has...

AI score 5.9
Exploits: 0 | References: 1
EUVD
added 2026/05/19 10:28 p.m. | 11 views

EUVD-2026-31001

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

CVSS 5.7 | AI score 5.8 | EPSS 0.00267
Exploits: 0 | References: 3
Snyk
added 2026/05/19 8:3 p.m. | 8 views

HTTP Request Smuggling

Overview: @nuxt/nitro-server is a Nitro server integration for Nuxt. Affected versions of this package are vulnerable to HTTP Request Smuggling via the `__nuxt_island` endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive...

CVSS 5.8 | AI score 6 | EPSS 0.00091
Exploits: 0 | References: 4
Patchstack
added 2026/05/19 8:3 p.m. | 7 views

NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning vulnerability discovered by ? in WordPress Npm nuxt versions = 3.1.0, = 3.21.5...

AI score 5.8 | EPSS 0.00091
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2026/05/19 8:3 p.m. | 11 views

HTTP Request Smuggling

Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling via the `__nuxt_island` endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive attacker-controlled HTML by priming a shared cache with...

CVSS 5.8 | AI score 6 | EPSS 0.00091
Exploits: 0 | References: 4
OSV
added 2026/05/19 4:10 p.m. | 8 views

CLSA-2026-1779202006 Fix CVE(s): CVE-2026-43284, CVE-2026-46300, CVE-2026-46333

Ubuntu: 4.15.0-256.267 CVE-2026-46333 - ptrace: require CAP_SYS_PTRACE when task has no mm CVE-2026-46333 CVE-2026-46300 - net: skbuff: propagate shared-frag marker through copy/coalesce/gro/shift paths CVE-2026-46300 CVE-2026-43284 - xfrm: esp: avoid in-place decrypt on shared skb frags...

CVSS 8.8 | AI score 6 | EPSS 0.93418
Exploits: 43 | References: 1
GitHub Security Blog
added 2026/05/19 3:38 p.m. | 8 views

zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary: Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 2 | Affected Software: 2
OSV
added 2026/05/19 3:20 p.m. | 6 views

CLSA-2026-1779204030 mod_jk: Fix of CVE-2024-46544

CVE-2024-46544: fix insecure file permissions on shared memory and lock files...

CVSS 5.9 | AI score 6.2 | EPSS 0.00326
Exploits: 0 | References: 1
OSV
added 2026/05/19 9:43 a.m. | 8 views

CLSA-2026-1779183792 gnutls: Fix of CVE-2026-42010

CVE-2026-42010: server-side RSA-PSK authentication bypass via NUL-byte truncation of binary PSK identities in _gnutls_proc_rsa_psk_client_kx...

CVSS 9.8 | AI score 5.8 | EPSS 0.0094
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/19 7:57 a.m. | 12 views

CVE-2026-45671

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The has_access_to_file...

CVSS 8 | AI score 5.7 | EPSS 0.0027
Exploits: 1 | References: 1
Tenable Nessus
added 2026/05/19 12:0 a.m. | 18 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:1959-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1959-1 advisory. The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-5451...

CVSS 8.8 | AI score 6.2 | EPSS 0.93418
Exploits: 45 | References: 16
Tenable Nessus
added 2026/05/19 12:0 a.m. | 15 views

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1885-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1885-1 advisory. This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes one security issue. The following security issue was fixed: -...

CVSS 8.8 | AI score 6.1 | EPSS 0.93418
Exploits: 30 | References: 4
Tenable Nessus
added 2026/05/19 12:0 a.m. | 12 views

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1880-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1880-1 advisory. This update for the SUSE Linux Enterprise Kernel 4.12.14-122.255 fixes one security issue. The following security issue was fixed: -...

CVSS 8.8 | AI score 6.1 | EPSS 0.93418
Exploits: 30 | References: 4
Tenable Nessus
added 2026/05/19 12:0 a.m. | 10 views

SUSE SLES15 Security Update : kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1875-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1875-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes one security issue. The following security issue was fixed: - CVE-2026-4328...

CVSS 8.8 | AI score 6.1 | EPSS 0.93418
Exploits: 30 | References: 4
Tenable Nessus
added 2026/05/19 12:0 a.m. | 13 views

SUSE SLES15 Security Update : kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1960-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1960-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.103 fixes one security issue. The following security issue was fixed: - CVE-2026-4328...

CVSS 8.8 | AI score 6.1 | EPSS 0.93418
Exploits: 30 | References: 4
Tenable Nessus
added 2026/05/19 12:0 a.m. | 18 views

SUSE SLES15 Security Update : kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1905-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1905-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.194 fixes one security issue. The following security issue was fixed: - CVE-2026-4328...

CVSS 8.8 | AI score 6.1 | EPSS 0.93418
Exploits: 30 | References: 4
Snyk
added 2026/05/18 11:48 p.m. | 21 views

Creation of Temporary File With Insecure Permissions

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the...

CVSS 7.8 | AI score 7.6 | EPSS 0.00215
Exploits: 2 | References: 2
Snyk
added 2026/05/18 11:48 p.m. | 9 views

Creation of Temporary File With Insecure Permissions

Overview: Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the getorcreatenfstmpdir and createmodeldownloadingtmpdir functions. An attacker can modify model artifacts by exploiting these permissions, potentially leading to arbitrary code...

CVSS 7.8 | AI score 7.6 | EPSS 0.00215
Exploits: 2 | References: 2
Snyk
added 2026/05/18 9:47 p.m. | 7 views

Incorrect Permission Assignment for Critical Resource

Overview: @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the configuration file rewrite process. An attacker can access sensitive credentials by reading files created with overly...

CVSS 6.8 | AI score 5.8 | EPSS 0.00137
Exploits: 1 | References: 2