CVE-2025-68621 Trilium Notes has a Timing Attack Vulnerability in /api/login/sync

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

Gogs has a Denial of Service issue

Summary An authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. Details If GetMirrorByRepoID fails, the error log dereferencing null pointer. This happens if the repository no longer exits...

CVE-2026-22592 Gogs is Vulnerable to Denial of Service

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2026-22592 Gogs is Vulnerable to Denial of Service

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2026-22592

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

PT-2026-6798

Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.101.0 Description Trilium Notes is a cross-platform note taking application. A timing attack in the sync authentication endpoint allows unauthenticated remote attackers to recover HMAC authentication hashes...

CVE-2026-1898

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVE-2026-1898

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

EUVD-2026-5537

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVE-2026-1898

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVE-2026-1898

Issue summary: CVE-2026-1898 affects WeKan up to 8.20 in the LDAP User Sync component, specifically the file packages/wekan-ldap/server/syncUser.js. The vulnerability enables improper access controls and can be exploited remotely. Impact (as described): remote attack capable due to access-control...

CVE-2026-1898 WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

SUSE CVE-2026-23109

In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip ASNODATAINTEGRITY mappings in waitsbinodes Above the while loop in waitsbinodes, we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse,...

Malicious code in react-vite-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f5300073ebcda0869cf258bc5c567c6afc40942b14d14a97bfeaa2eaff1b9c The package react-vite-sync was found to contain malicious code. Source: ghsa-malware 971cc1d747c2d072e4a3cc272143be37bbd2162968dfd682012890e87cda562...

MAL-2026-747 Malicious code in react-vite-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9f5300073ebcda0869cf258bc5c567c6afc40942b14d14a97bfeaa2eaff1b9c The package react-vite-sync was found to contain malicious code. Source: ghsa-malware 971cc1d747c2d072e4a3cc272143be37bbd2162968dfd682012890e87cda562...

MAL-2026-746 Malicious code in react-count-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bf23710693921f6b69d38cf0abd8fa7ce2f181bfa2df9fa9777f59e0e4954e7 The package react-count-sync was found to contain malicious code. Source: ghsa-malware 9a44b72820f2af0bcbd60f65787e0707617e4f7428aa2c9407bec9f8decb07...

Malicious code in react-count-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bf23710693921f6b69d38cf0abd8fa7ce2f181bfa2df9fa9777f59e0e4954e7 The package react-count-sync was found to contain malicious code. Source: ghsa-malware 9a44b72820f2af0bcbd60f65787e0707617e4f7428aa2c9407bec9f8decb07...

Malicious Package

Overview web3-chain-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview react-count-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...