1728 matches found
CVE-2026-3473
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...
CVE-2026-3473
CVE-2026-3473 affects Mattermost prior to fixed versions: 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x
PT-2026-42908
CVE-2026-8352 - Apache Apache HTTP Server Remote Code Execution CVE ID :CVE-2026-8352 Published : May 21, 2026, 9:16 p.m. | 22 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in...
Insecure Default Initialization of Resource
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...
Insecure Default Initialization of Resource
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the hasValidToken function. An attacker can gain unauthorized access to create and modify FAQ entries,...
Incorrect Authorization
Overview symfony/http-kernel is a Symfony component that provides a structured process for converting a Request into a Response. Affected versions of this package are vulnerable to Incorrect Authorization in the router due to the improper enforcement of IsGranted, IsSignatureValid, and...
CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
More info at https://symfony.com/cve-2026-45075...
CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
More info at https://symfony.com/cve-2026-45075...
CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]
More info at https://symfony.com/cve-2026-45075...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi-totalvalidblockcount syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:decvalidblockcount+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The issue of a null pointer dereference error in generateencryptionkey has been fixed. If a client sends two session setups with KRB5 authentication to ksmbd, a null pointer dereference error in generateencryptionkey can...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq: The exit callback is optional. The exit callback is optional, and it should not be called without first checking a valid pointer. Additionally, we must clear the freqtable pointer even if the exit callback is not present...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rkgmacsetup KASAN reports an out-of-bounds read in rkgmacsetup at the following line: while ops-regsi This issue occurs on most platforms, as the regs field in the flexible array is empty...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfs: Fixed error handling for unbuffered writes If all subrequests in an unbuffered write stream fail, the subrequest collector does not update the stream-transferred value, and it retains its initial LONGMAX value...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM – Writing hgatp registers with valid mode bits According to the RISC-V Privileged Architecture Specification, when MODE=Bare is selected, software must write zero to the remaining fields of hgatp. We have previously...
Moderate: Red Hat Security Advisory: mariadb:11.8 security update
An update for the mariadb:11.8 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
A flaw was found in MariaDB. An authenticated user can exploit a vulnerability in the JSONSCHEMAVALID function, which may lead to a server crash, resulting in a denial of service. Under specific and controlled conditions, this flaw could potentially be leveraged to achieve remote code execution,...
Moderate: Red Hat Security Advisory: galera and mariadb11.8 security update
An update for multiple packages is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
A flaw was found in MariaDB. An authenticated user can exploit a vulnerability in the JSONSCHEMAVALID function, which may lead to a server crash, resulting in a denial of service. Under specific and controlled conditions, this flaw could potentially be leveraged to achieve remote code execution,...
RHEL 10 : galera and mariadb11.8 (RHSA-2026:19021)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19021 advisory. MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consistin...