CVE-2026-54906

A flaw was found in concurrent-ruby, a Ruby library for managing concurrent operations. The Concurrent::ReadWriteLock component contains a synchronization issue where write locks can be released by unauthorized threads. This could allow multiple threads to write concurrently, potentially leading ...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when deleting releases. Remediation Upgrade code.gitea.io/gitea/services/release to version 1.25.2 or higher. References - Gitea Release - GitHub Commit - GitHub PR - GitHub PR - GitHub Release - Red Hat Bugzilla...

Law enforcement app SweepWizard leaks data on crime suspects

SweepWizard, an obscure app apparently created by ODIN Intelligence and used by more than 60 law enforcement departments, has a flaw: According to an ethical hacker, a misconfiguration in the app's API application programming interface caused it to unintentionally leak to the open internet a trov...

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseActiondoSubmit method allowed attackers to perform releases with attacker-specified options...