65 matches found

RedhatCVE
added 2026/05/27 8:13 p.m. | 6 views

CVE-2026-48592

Missing Authorization vulnerability in oban-bg oban_web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

CVSS 5.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 1
OSV
added 2026/05/21 9:46 a.m. | 4 views

CLSA-2026-1779356802 vim: Fix of 21 CVEs

CVE-2022-0572: heap overflow on vcol-overflow in :retab upstream vim 8.2.4359 - CVE-2022-0368: illegal memory access when undo makes Visual area invalid upstream vim 8.2.4217 - CVE-2022-0685: crash on multi-byte char in unix_expandpath upstream vim 8.2.4418 - CVE-2022-2125: heap overflow in...

CVSS 8.4 | AI score 7.1 | EPSS 0.01766
Exploits: 20 | References: 1
CNNVD
added 2026/05/15 12:0 a.m. | 6 views

magento-lts security vulnerability

Magento LTS is an open-source alternative to OpenMage, and it’s a reliable substitute for the official Magento CE version. Versions of Magento LTS prior to 20.18.0 had security vulnerabilities; these vulnerabilities stemmed from reflection-type cross-site scripting vulnerabilities in the data...

CVSS 5.3 | AI score 5.7 | EPSS 0.00062
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/14 8:14 p.m. | 4 views

CVE-2026-45369

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...

CVSS 8.3 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 2 | Affected Software: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in vim

A heap-based buffer overflow exists in Vim/vim 9.0.0946 and earlier, as it allows an attacker to use CTRL-W gf in the expression used in the right-hand side of the substitute command...

CVSS 7.8 | AI score 7.3 | EPSS 0.00047
Exploits: 1 | References: 2
NVD
added 2026/04/24 3:16 p.m. | 1 views

CVE-2026-31613

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response. When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message returns success without any length validation, leaving the symlink parsers as the only defense against an...

CVSS 8.1 | EPSS 0.00072
Exploits: 0 | References: 7
OSV
added 2026/03/12 7:59 p.m. | 0 views

USN-8091-1 util-linux vulnerability

It was discovered that the util-linux su utility did not drop capabilities when being used with the --pty option. While not a security issue by itself, a local attacker could possibly use the su tool to exploit vulnerabilities in other applications...

AI score 5.8
Exploits: 0 | References: 2
EUVD
added 2025/12/09 6:30 p.m. | 1 views

EUVD-2022-55726

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for i=0; i=8160; i=i+32 do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g...

AI score 6 | EPSS 0.00028
Exploits: 0 | References: 5
Fedora
added 2025/11/26 1:6 a.m. | 7 views

[SECURITY] Fedora 42 Update: sudo-rs-0.2.10-1.fc42

A memory safe implementation of sudo and su...

CVSS 4.4 | AI score 6.7 | EPSS 0.00024
Exploits: 0
OSSF Malicious Packages
added 2025/11/12 4:29 a.m. | 2 views

Malicious code in eridanus-hyperion-vuepress-janus (npm)

Source: amazon-inspector (5a5882bd95a1aeb8072494322b2b3bd816162a0b8db32129f4b31b572f6b2ff7). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-51503

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.6 | EPSS 0.00047
Exploits: 1 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-6816

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.004
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-29677

Malicious code in bioql PyPI...

CVSS 5.7 | AI score 6 | EPSS 0.00066
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:53 p.m. | 2 views

CVE-2021-44886

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...

CVSS 5.3 | AI score 7 | EPSS 0.00179
Exploits: 0
OSV
added 2023/12/08 11:6 a.m. | 1 views

OESA-2023-1902 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

CVSS 4.7 | AI score 7.1 | EPSS 0.00132
Exploits: 1 | References: 2
OSV
added 2023/11/22 10:15 p.m. | 0 views

UBUNTU-CVE-2023-48706

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory which may later...

CVSS 4.7 | AI score 7.2 | EPSS 0.00132
Exploits: 1 | References: 7
OSV
added 2023/10/05 4:15 p.m. | 1 views

CVE-2023-45160

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script, by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locke...

CVSS 8.8 | AI score 5.7
Exploits: 0 | References: 4
OSV
added 2023/07/27 10:15 p.m. | 1 views

CVE-2022-43703

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files...

CVSS 7.8 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 2
NVD
added 2023/07/27 10:15 p.m. | 10 views

CVE-2022-43703

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files...

CVSS 7.8 | AI score 7.7 | EPSS 0.00061
Exploits: 0 | References: 2
OSV
added 2023/06/02 11:15 a.m. | 1 views

CVE-2023-25780

A vulnerability of insufficient authentication has been identified in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify the substitute agent to arbitrary users, resulting in serious consequence...

CVSS 5.7 | AI score 6.3 | EPSS 0.00066
Exploits: 0 | References: 1