60 matches found
CVE-2026-48681
A flaw was found in OpenStack Ironic before 35.0.2. A directory traversal vulnerability during deployment allows an attacker to overwrite files on the system when a crafted ISO image is used. This can compromise confidentiality and integrity of files on the deployment target...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. OpenStack Ironic versions 35.0.x and earlier contain security vulnerabilities, which stem from a vulnerability that allo...
Astra Linux - уязвимость в tar
In the sparse.c file of GNU Tar, before version 1.32, there was a NULL pointer dereferencing issue when parsing certain archives that contained malformed extended headers...
MINI-M8MW-3WP4-V32X
Bulletin has no description...
Gibbon 安全漏洞
Gibbon is a school platform developed by the Gibbon team that addresses practical problems encountered by educators every day. Versions of Gibbon prior to v30.0.01 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks. When attempting to extract PHP files...
CVE-2026-44916
In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instanceinfo'kstemplate' is rendered without sandboxing...
CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
EUVD-2026-17538
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
PT-2026-29299
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2026-30278
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2026-33541
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...
EUVD-2026-10067
TSPortal: Any user can forge self-deletion requests for any account...
CVE-2026-33541
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...
CVE-2026-33541 TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...
CVE-2026-33541 TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...
CVE-2026-29788
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-29788
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-29788
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...
CVE-2026-29788 TSPortal: Anyone can forge self-deletion requests of any user
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been...