388 matches found
CVE-2026-56271
Flowise prior to 3.1.0 (versions
CVE-2026-55689 OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset
OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...
CVE-2026-59723 Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...
CVE-2026-55849
@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...
CVE-2026-55849
The CVE affects @cyclonedx/cyclonedx-npm: from 2.1.0 up to 5.0.0, the CLI passes user-supplied --workspace values to a subshell when npm_execpath is unset or empty, enabling arbitrary OS command execution with the invoking user’s privileges. Root cause is unsanitized input used in a shell command...
PT-2026-56625
Name of the Vulnerable Software and Affected Versions Cline versions prior to 3.0.30 Description The Cline Hub dashboard server, initiated via the cline dashboard command, fails to validate the Origin header for WebSocket connections on the /browser endpoint. When the ROOM SECRET is unset for loc...
CVE-2026-14474
A flaw was found in SSSD's LDAP sudo provider. When the ldapsudosearchbase option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo...
Linux Distros Unpatched Vulnerability : CVE-2026-14474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in SSSD's LDAP sudo provider. When the ldapsudosearchbase option is not explicitly configured, SSSD searches the entire LDAP directory tree for...
CVE-2026-12481
The CVE affects keras-team/keras 3.14.0, where deserialization in the Lambda layer can bypass the safe-mode guard. The root cause is _raise_for_lambda_deserialization() treating safe_mode=None as unset/deny, allowing attacker-controlled marshal bytecode to be deserialized. Affected call sites inc...
EUVD-2026-41600
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the Lambda layer. Specifically, the raiseforlambdadeserialization function fails to enforce the safe-mode guard when safemode is set to None, which is the default...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
PYSEC-2026-438 OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes
OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...
GO-2026-5423 OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset in github.com/openfga/openfga
OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset in github.com/openfga/openfga...
UBUNTU-CVE-2026-53142
In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...
CVE-2026-53142 drm/xe/display: fix oops in suspend/shutdown without display
In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...
CVE-2026-53142 drm/xe/display: fix oops in suspend/shutdown without display
In the Linux kernel, the following vulnerability has been resolved: drm/xe/display: fix oops in suspend/shutdown without display The xe driver keeps track of whether to probe display, and whether display hardware is there, using xe-info.probedisplay. It gets set to false if there's no display aft...
CVE-2026-52942
In the Linux kernel, the following vulnerability has been resolved: netfilter: nflog: validate MAC header was set before dumping it The fallback path of dumpmacheader guards the MAC header access only with "skb-macheader != skb-networkheader", without checking skbmacheaderwasset. When the MAC...
UBUNTU-CVE-2026-52942
In the Linux kernel, the following vulnerability has been resolved: netfilter: nflog: validate MAC header was set before dumping it The fallback path of dumpmacheader guards the MAC header access only with "skb-macheader != skb-networkheader", without checking skbmacheaderwasset. When the MAC...
EUVD-2026-38712
In the Linux kernel, the following vulnerability has been resolved: netfilter: nflog: validate MAC header was set before dumping it The fallback path of dumpmacheader guards the MAC header access only with "skb-macheader != skb-networkheader", without checking skbmacheaderwasset. When the MAC...