4531 matches found
CVE-2026-22592
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev...
PT-2026-6798
Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.101.0 Description Trilium Notes is a cross-platform note taking application. A timing attack in the sync authentication endpoint allows unauthenticated remote attackers to recover HMAC authentication hashes...
CVE-2026-1898
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
CVE-2026-1898
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
CVE-2026-1898
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
CVE-2026-1898
Issue summary: CVE-2026-1898 affects WeKan up to 8.20 in the LDAP User Sync component, specifically the file packages/wekan-ldap/server/syncUser.js. The vulnerability enables improper access controls and can be exploited remotely. Impact (as described): remote attack capable due to access-control...
CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
EUVD-2026-5537
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...
SUSE CVE-2026-23109
In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip ASNODATAINTEGRITY mappings in waitsbinodes Above the while loop in waitsbinodes, we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse,...
Malicious code in react-vite-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f5300073ebcda0869cf258bc5c567c6afc40942b14d14a97bfeaa2eaff1b9c The package react-vite-sync was found to contain malicious code. Source: ghsa-malware 971cc1d747c2d072e4a3cc272143be37bbd2162968dfd682012890e87cda562...
MAL-2026-747 Malicious code in react-vite-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f5300073ebcda0869cf258bc5c567c6afc40942b14d14a97bfeaa2eaff1b9c The package react-vite-sync was found to contain malicious code. Source: ghsa-malware 971cc1d747c2d072e4a3cc272143be37bbd2162968dfd682012890e87cda562...
MAL-2026-748 Malicious code in web3-chain-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8092971594fb2e6c9a5748ec492ca88c9a8cc396917b314f09e5c3c85e0d130 The package web3-chain-sync was found to contain malicious code. Source: ghsa-malware a73489541e1d91e9e98d8ee52b10cc423ddd5b990bee23731cfa78e9bce3be0...
Malicious code in web3-chain-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8092971594fb2e6c9a5748ec492ca88c9a8cc396917b314f09e5c3c85e0d130 The package web3-chain-sync was found to contain malicious code. Source: ghsa-malware a73489541e1d91e9e98d8ee52b10cc423ddd5b990bee23731cfa78e9bce3be0...
Malicious code in react-count-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bf23710693921f6b69d38cf0abd8fa7ce2f181bfa2df9fa9777f59e0e4954e7 The package react-count-sync was found to contain malicious code. Source: ghsa-malware 9a44b72820f2af0bcbd60f65787e0707617e4f7428aa2c9407bec9f8decb07...
MAL-2026-746 Malicious code in react-count-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bf23710693921f6b69d38cf0abd8fa7ce2f181bfa2df9fa9777f59e0e4954e7 The package react-count-sync was found to contain malicious code. Source: ghsa-malware 9a44b72820f2af0bcbd60f65787e0707617e4f7428aa2c9407bec9f8decb07...
Malicious Package
Overview web3-chain-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview react-count-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-25020
Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...
CVE-2026-23109
CVE-2026-23109 affects the Linux kernel writeback subsystem. The vulnerability arises in fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes(), where the system must wait for all pages under writeback for data integrity. Because some mappings (e.g., FUSE) do not enforce data integr...