4552 matches found
CVE-2026-15409
Summary: CVE-2026-15409 is a Server-Side Request Forgery (SSRF) affecting SonicWall SMA1000 Appliances (Work Place interface). A remote unauthenticated attacker could force the appliance to make requests to unintended locations. The vulnerability is rated CVSS v3.1: 10.0 (CRITICAL) with network a...
CVE-2026-15409
A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: espintcp: A race condition in espintcpclose has been fixed. This issue was discovered during a code audit. After espintcpclose is called, espintcptxwork can still be scheduled using functions like the Delayed ACK handler or...
CVE-2026-8472
CVE-2026-8472 affects GitLab Enterprise Edition and reports a privilege/authorization issue where an authenticated user with minimal access could read work item metadata from private projects. The root cause is missing authorization checks, enabling unintended metadata access. Affected versions i...
CVE-2026-8472 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...
EUVD-2026-42405
GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...
PT-2026-56617
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.9 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An issue exists where missing authorization checks could allow an authenticated user with minimal access...
SUSE CVE-2026-53097
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...
Linux Distros Unpatched Vulnerability : CVE-2026-53357
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not- yet-accepted child from the parent accept queue and releasesocks it...
SUSE-SU-2026:2238-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. -...
CVE-2026-13149
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...
CVE-2026-55686
A flaw was found in Podman. A remote attacker can exploit this vulnerability by running a malicious container image where the WORKDIR working directory path contains a symbolic link symlink. This can lead to the creation of a directory or modification of ownership on the host filesystem,...
Linux Distros Unpatched Vulnerability : CVE-2026-53098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7915: fix use-after-free bugs in mt7915macdumpwork When the mt7915 pci chip is detaching, the mt7915crashdata is released in...
Linux Distros Unpatched Vulnerability : CVE-2026-53097
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in...
[SECURITY] Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-9.fc44
Simple JavaScript proof-of-work based access for Nginx with virtually no over head...
CVE-2026-49355
OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...
CVE-2026-44735
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...
CVE-2026-44735 OpenProject: Shares API Information Disclosure
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...
CVE-2026-44735
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...
CVE-2026-44735
Technical details for CVE-2026-44735 are not publicly available in the provided documents. Monitor for updates.