1088 matches found
SUSE-SU-2026:20170-1 Security update for cockpit-subscriptions
This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge bsc1255425...
OPENSUSE-SU-2026:20117-1 Security update for cockpit-subscriptions
This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge bsc1255425...
CVE-2026-23964 Mastodon has insufficient access control to push notification settings
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...
EUVD-2026-4210
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...
CVE-2026-23964
Mastodon vendor: Mastodon server (ActivityPub). Vulnerability CVE-2026-23964 is an insecure direct object reference in the web push subscription update endpoint affecting versions < 4.5.5, < 4.4.12, and
CVE-2026-23964 Mastodon has insufficient access control to push notification settings
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining th...
PT-2026-3902
Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.5 Mastodon versions prior to 4.4.12 Mastodon versions prior to 4.3.18 Description Mastodon is a social network server. An insecure direct object reference exists in the web push subscription update endpoint. An...
PT-2026-3628
Name of the Vulnerable Software and Affected Versions tinyMQTT versions prior to commit 6226ade15bd4f97be2d196352e64dd10937c1962 Description A memory leak exists because the broker does not validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeat...
MiracleLinux 3 : cups-1.2.4-11.18.3.1AXS3 (AXSA:2008-539:06)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-539:06 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to promote a...
CVE-2026-21921
A Use After Free vulnerability in the chassis daemon chassisd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service DoS. When telemetry collectors are frequently subscribing and unsubscribing to sensors...
CVE-2026-21921
A Use After Free vulnerability in the chassis daemon chassisd of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service DoS. When telemetry collectors are frequently subscribing and unsubscribing to sensors...
CVE-2026-21903 Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
CVE-2026-21903 Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
EUVD-2026-2692
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
CVE-2025-68788
An information disclosure flaw was found in the Linux kernel's fsnotify subsystem. When monitoring a parent directory like /dev, users could observe ACCESS and MODIFY events on special files such as /dev/null that they cannot directly read. This creates a side-channel that could potentially be us...
PT-2026-3118
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 22.4R3-S7 Juniper Networks Junos OS versions prior to 23.2R2-S4 Juniper Networks Junos OS versions prior to 23.4R2 Description A Stack-based Buffer Overflow exists in the Packet Forwarding Engine pfe...
CVE-2026-22805
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and...
CVE-2026-22805
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and...
CVE-2026-22805 Metabase channel test endpoint can reach internal local addresses
Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be potentially impacted if their Metabase is colocated with other unsecured resources. This vulnerability is fixed in 55.13, 56.3, and...
CVE-2026-22805
CVE-2026-22805 affects Metabase. Before versions 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscriptions could be impacted if colocated with other unsecured resources. The issue is fixed in 55.13, 56.3, and 57.1. Affected software: Metabase open-source data ...