Astro SSR - Open Redirect

Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...

WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

PT-2026-46124

Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL UID or KERNEL GID value. The featu...

CVE-2026-45554 NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...

CVE-2026-45554 NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...

SUSE-SU-2026:2113-1 Security update for perl-Net-CIDR-Lite

This update for perl-Net-CIDR-Lite fixes the following issues - CVE-2026-45190: improper validation of trailing newlines or non-ASCII digits can lead to IP ACL bypass bsc1264710. - CVE-2026-45191: extraneous leading zeros in CIDR mask values can lead to IP ACL bypass bsc1264709. - CVE-2026-40198:...

SUSE CVE-2026-46078

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen with unchecked nameoff...

CVE-2026-48544

Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.getresource method in taipy/gui/extension/library.py that allows unauthenticated attackers to escape the intended module directory by exploiting an incomplete path containment check using...

CVE-2026-46078

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen with unchecked nameoff...

UBUNTU-CVE-2026-46078

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen with unchecked nameoff...

CVE-2026-46078

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen with unchecked nameoff...

CVE-2026-46078

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen with unchecked nameoff...

CVE-2026-46078

Summary: CVE-2026-46078 affects the Linux kernel EROFS filesystem, where trailing dirents can trigger an out-of-bounds read due to incorrect nameoff handling. The root cause is that namelen calculations for trailing dirents use strnlen with unchecked nameoffs, allowing underflow when nameoff &gt;...

CVE-2026-46078 erofs: fix the out-of-bounds nameoff handling for trailing dirents

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen with unchecked nameoff...

Linux Distros Unpatched Vulnerability : CVE-2026-46078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary- checks for nameoffs, but the trailing dirents are special...

PT-2026-43945

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen with unchecked nameoff...

CVE-2026-46078

erofs: fix the out-of-bounds nameoff handling for trailing dirents...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: virtionet: Fixed a misalignment bug in struct virtnetinfo. Use the new TRAILINGOVERLAP helper to fix the misalignment bug, along with the following warning: drivers/net/virtionet.c:429:46: warning: The structure containing a...

Astra Linux - уязвимость в ntp

In the file libntp/mstolfp.c, within the NTP version 4.2.8p15, there is a buffer overflow vulnerability when copying the trailing number. An attacker may be able to exploit this vulnerability against a client’s NTPQ process, but they cannot exploit it against ntpd...

Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Summary dasel's selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash e.g., "\ or '. A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on v3.3.1 fba653c7f248aff10f2b89fca93929b64707dfc8...