CVE-2026-45342
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
CVE-2026-45342 LinkAce: IDOR in Update Policies Allows Any Authenticated User to Overwrite Other Users' Links, Lists, Tags, and Notes
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool
As DarkSword spreads, Apple tells WIRED it will enable iOS 18-specific fixes for millions of iPhone owners who remain on that iOS version rather than force them to update to iOS 26...
CVE-2026-27659 CSRF vulnerability in UpdateAccessControlPolicyActiveStatus endpoint
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...
CLEANSTART-2026-HJ04971 vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT
Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details...
CLEANSTART-2026-FW42039 vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT
Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details...
MiracleLinux 8 : bind-9.11.20-5.el8 (AXSA:2021-1277:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1277:01 advisory. bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c CVE-2020-8619 bind: truncated TSIG response can lead to ...
EUVD-2018-17510
Malware in sbrugna...
CVE-2024-7225
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/updatepolicy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site...
Linux Distros Unpatched Vulnerability : CVE-2018-5741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various...
Fedora 41 : bind / bind-dyndb-ldap (2025-3551f3ba1b)
The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-3551f3ba1b advisory. Update to 9.16.33 2342784 Security Fixes: - DNS-over-HTTPS flooding fixes. CVE-2024-12705 - Limit additional section processing for large RDATA sets...
BIT-HARBOR-2022-31669 Harbor fails to validate the user permissions when updating tag immutability policies
Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies...
AshPostgres Security Vulnerability
AshPostgres is an open-source PostgreSQL data layer for the Ash Framework. A security vulnerability exists in AshPostgres versions prior to 2.0.0 through 2.4.10, which stems from a policy that may be skipped for update operations under certain circumstances, resulting in the...
CVE-2024-7225 SourceCodester Insurance Management System Edit Insurance Policy Page update_policy cross site scripting
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/updatepolicy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site...
Insurance Management System Cross-Site Scripting Vulnerability
Insurance Management System is an insurance management system from the individual developer Angel Jude Reyes Suarez. A cross-site scripting vulnerability exists in Insurance Management System version 1.0, which stems from the parameter pname in the file /Script/admin/core/updatepolicy that result...
CVE-2024-27221
In updatepolicydata of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Out-of-bounds
In updatepolicydata of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-27221
In updatepolicydata of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-21754 · Google · Android
Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to a possible out of bounds write due to a missing bounds check in the update policy data function. This could lead to local escalation of privilege with no additional...
Google Pixel Security Breach
Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in the updatepolicydata method of the TBD module, which may result in out-of-bounds writes...