
4 matches found

OSV
added 2026/03/11 12:32 a.m. · 1 views

GHSA-J443-WCQQ-XPRH Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go

Summary: A critical vulnerability has been identified at https://security.snyk.io/package/linux/chainguard:latest/terraform-provider-sendgrid, associated with the underlying Go version. If the server's TLS configuration is mutated between connections — for example, a CA is removed from the trusted...

CVSS 10 · AI score 5.7
Exploits: 0 · References: 4
OSV
added 2025/06/27 2:15 p.m. · 0 views

UBUNTU-CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

CVSS 3.2 · AI score 5.9 · EPSS 0.0007
Exploits: 0 · References: 10
NVD
added 2023/03/24 4:15 a.m. · 11 views

CVE-2023-28686

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive informati...

CVSS 7.1 · AI score 6.7 · EPSS 0.00188
Exploits: 0 · References: 5
Positive Technologies
added 2022/04/11 12:0 a.m. · 2 views

PT-2022-10329 · Baijiacms · Baijiacms

Name of the Vulnerable Software and Affected Versions: baijiacms version 4
Description: An issue was discovered that allows modification of store information and login password due to a CSRF vulnerability.
Recommendations: For baijiacms version 4, update to a version that includes a fix for this...

AI score 6.5
Exploits: 0 · References: 3