4663 matches found
CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
RUSTSEC-2026-0177 Missing `Sync` bound on `PyCFunction::new_closure` closures
PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...
CVE-2026-49270
A flaw was found in Apache ActiveMQ. An unauthenticated attacker can exploit this vulnerability when brokers are configured with a network connector with syncDurableSubs set to true. By sending a BrokerInfo command, the attacker can receive a list of all durable topic subscriptions, including...
GHSA-QVV5-JQ5G-4CGG Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...
Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...
PT-2026-48544
Name of the Vulnerable Software and Affected Versions Baileys versions prior to 6.7.22 Baileys versions prior to 7.0.0-rc12 Description An authentication-bypass-by-spoofing flaw allows a remote unauthenticated attacker to send a maliciously crafted protocolMessage payload via the...
Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
...
X.Org Server SyncAwaitFence Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
EUVD-2026-35129
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...
CVE-2026-46314
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referentia...
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET aka GRIMBOLT and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks...
Important: xorg-x11-server
Issue Overview: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but...
Important: xorg-x11-server-Xwayland
Issue Overview: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but...
PT-2026-47385
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A local user can cause an infinite loop in the kernel context by crafting a self-referential extension where ext-next == &ext with zero in sync count and out sync count. This occurs...
TencentOS Server 4: xorg-x11-server (TSSA-2026:0294)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0294 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Amazon Linux 2 : xorg-x11-server, --advisory ALAS2-2026-3336 (ALAS-2026-3336)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3336 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...
CVE-2026-2500
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-11034
An insufficient validation of untrusted input flaw was found in the Tab Group Sync component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497934980...
SUSE CVE-2026-11034
Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...