CVE-2026-44776 Kavita: IDOR in /api/Download/*

Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...

EUVD-2025-198896

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

PT-2025-47931

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-443680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-443680 advisory. In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change...

hfsplus: don't query the device logical block size multiple times

...