Vulnerabilities

  

CVE-2026-57522 | bitwarden server 1.35.1/2026.4.0/2026.4.1 Datadog Endpoint IntegrationTemplateProcessor.ReplaceTokens injection

A vulnerability classified as critical has been found in bitwarden server 1.35.1/2026.4.0/2026.4.1. The impacted element is the function IntegrationTemplateProcessor.ReplaceTokens of

  

CVE-2026-55960 | wolfSSL up to 5.9.1 X.509 Certificate ParseCertRelative certificate validation

A vulnerability classified as problematic was found in wolfSSL up to 5.9.1. This affects the function ParseCertRelative of the component

  

CVE-2025-71328 | Flowise up to 3.0.9 unverified password change (GHSA-fjh6-8679-9pch)

A vulnerability, which was classified as critical, has been found in Flowise up to 3.0.9. This impacts an unknown function.

  

CVE-2026-56445 | pydicom pynetdicom Library up to 3.0.4 STORE os.path.join path traversal

A vulnerability, which was classified as critical, was found in pydicom pynetdicom Library up to 3.0.4. Affected is the function

  

CVE-2026-6679 | wolfSSL up to 5.9.0 out-of-bounds write

A vulnerability has been found in wolfSSL up to 5.9.0 and classified as critical. Affected by this vulnerability is an

  

CVE-2026-6681 | wolfSSL up to 5.9.0 out-of-bounds write

A vulnerability was found in wolfSSL up to 5.9.0 and classified as critical. Affected by this issue is some unknown

  

CVE-2026-2299 | Mattermost Google Drive Plugin up to 1.0.0/1.0.x File Creation Endpoint authorization

A vulnerability was found in Mattermost Google Drive Plugin up to 1.0.0/1.0.x. It has been classified as problematic. This affects

  

CVE-2021-47986 | parse-community parse-server up to 4.9.x code download (GHSA-593v-wcqx-hq2w)

A vulnerability was found in parse-community parse-server up to 4.9.x. It has been declared as problematic. This vulnerability affects unknown

  

CVE-2021-47987 | parse-community parse-server up to 4.9.x code download (GHSA-593v-wcqx-hq2w)

A vulnerability was found in parse-community parse-server up to 4.9.x. It has been rated as problematic. This issue affects some

  

CVE-2025-71335 | Flowise up to 3.0.9 Password Change session expiration (GHSA-x7rp-qj2h-ghgw)

A vulnerability categorized as critical has been discovered in Flowise up to 3.0.9. Impacted is an unknown function of the

  

CVE-2025-71333 | Flowise up to 2.2.4 /api/v1/attachments chatflowId file inclusion (GHSA-h42x-xx2q-6v6g)

A vulnerability identified as critical has been detected in Flowise up to 2.2.4. The affected element is an unknown function

  

CVE-2025-71336 | Flowise up to 3.0.5 Custom MCP Feature customMCP os command injection (GHSA-6933-jpx5-q87q)

A vulnerability labeled as critical has been found in Flowise up to 3.0.5. The impacted element is an unknown function

  

CVE-2026-37452 | NBFoundation MSI NBFoundation Service 2.0.2506.1201 MSIAPService.exe permission

A vulnerability marked as critical has been reported in NBFoundation MSI NBFoundation Service 2.0.2506.1201. This affects an unknown function of

  

CVE-2026-38637 | relibc pthread_rwlockattr_setpshared denial of service (Issue 264)

A vulnerability described as problematic has been identified in relibc. This impacts the function pthread_rwlockattr_setpshared. The manipulation results in denial

  

CVE-2026-57521 | bitwarden server 1.35.1/2026.4.0/2026.4.1 PreviewInvoiceController Endpoint authorization

A vulnerability classified as problematic has been found in bitwarden server 1.35.1/2026.4.0/2026.4.1. Affected is an unknown function of the component

  

CVE-2026-10098 | wolfSSL up to 5.9.1 certificate validation

A vulnerability classified as problematic was found in wolfSSL up to 5.9.1. Affected by this vulnerability is an unknown functionality.

  

CVE-2026-38640 | relibc /assert/mod.rs __assert_fail denial of service (Issue 262)

A vulnerability, which was classified as problematic, has been found in relibc. Affected by this issue is the function __assert_fail

  

CVE-2026-22879 | vtk vtk-DICOM 9.5.2 NewDataElement array index (TALOS-2026-2366)

A vulnerability, which was classified as problematic, was found in vtk vtk-DICOM 9.5.2. This affects the function vtkDICOMItem::NewDataElement. Executing a

  

CVE-2026-46602 | NLnet Labs x-image-tiff up to 0.42.x TIFF Decoder memory allocation

A vulnerability has been found in NLnet Labs x-image-tiff up to 0.42.x and classified as problematic. This vulnerability affects unknown

  

CVE-2026-7511 | wolfSSL up to 5.9.1 signature verification

A vulnerability was found in wolfSSL up to 5.9.1 and classified as problematic. This issue affects some unknown processing. The

  

CVE-2026-46601 | x-image-webp up to 0.42.x on Go out-of-bounds

A vulnerability was found in x-image-webp up to 0.42.x on Go. It has been classified as problematic. Impacted is an

  

CVE-2026-6412 | wolfSSL up to 5.9.1 risky encryption

A vulnerability was found in wolfSSL up to 5.9.1. It has been declared as problematic. The affected element is an

  

CVE-2026-6678 | wolfSSL up to 5.9.1 integer underflow

A vulnerability was found in wolfSSL up to 5.9.1. It has been rated as problematic. The impacted element is an

  

CVE-2020-37256 | Grav up to 1.6.29 cross site scripting (GHSA-cvmr-6428-87w9)

A vulnerability categorized as problematic has been discovered in Grav up to 1.6.29. This affects an unknown function. Executing a

  

Debian dnsdist Important Security Advisory DSA-6367-1 for Denial of Service

Multiple security vulnerabilities were discovered in the dnsdist DNS loadbalancer, which could result in denial of service, information disclosure or

  

Debian pdns Significant Denial of Service Resolution DSA-6368-1

It was discovered that incorrect request handling in the internal web server of the PowerDNS DNS server could result in

  

Debian PDNS Recursor Critical Denial Of Service Issues DSA-6369-1

Multiple vulnerabilities have been discovered in PDNS Recursor, a resolving name server which could result in denial of service, cache

  

SUSE Linux Kernel Important 21 Fixes DoS and Related Issues 2026-2631-1

An update that solves 21 vulnerabilities and has two security fixes can now be installed.

  

SUSE Linux Kernel Important Security Update 2026-2630-1

An update that solves 29 vulnerabilities and has four security fixes can now be installed.

  

openSUSE Kernel Releases Critical Security Update 2026-2630-1 Now

An update that solves 29 vulnerabilities and has four security fixes can now be installed.

  

SUSE Libzypp Moderate Path Traversal Local Overwrite Issue 2026-2628-1

An update that solves two vulnerabilities can now be installed.

  

SUSE Python-PyJWT Critical SSRF DoS Security Update 2026-2627-1

An update that solves four vulnerabilities can now be installed.

  

CVE-2026-50017 | pnpm up to 10.33.3/11.3.x information disclosure

A vulnerability was found in pnpm up to 10.33.3/11.3.x and classified as problematic. This affects an unknown function. The manipulation

  

CVE-2026-55700 | pnpm up to 11.5.2 Manifest name/version path traversal

A vulnerability was found in pnpm up to 11.5.2. It has been classified as critical. This impacts an unknown function

  

CVE-2026-6094 | wolfSSL up to 5.9.1 EnvelopedData out-of-bounds

A vulnerability was found in wolfSSL up to 5.9.1. It has been declared as problematic. Affected is an unknown function

  

Ubuntu 25.10 AMD Microcode Critical Data Exposure Vulnerability USN-8475-1

Several security issues were fixed in AMD Microcode.

  

Debian libssh2 Critical Memory Disclosure DoS Exec Code DSA-6365-1

Multiple security vulnerabilities were discovered in libssh2, a client-side C library implementing the SSH2 protocol which could result in memory

  

Debian SOGo Critical XSS SQL Injection Issues DSA-6366-1

Multiple security vulnerabilities were discovered in the SOGo groupware server, which could result in cross-site scripting or SQL injection. For

  

Debian LTS libtext-csv-xs-perl Use-After-Free Issue Fixed DLA-4648-1

A use-after-free issue was found in libtext-csv-xs-perl, a Perl C/XS module to process Comma-Separated Value files, which may yield type

  

Fedora 43 Goose Critical DNS Rebinding Threat Fix 2026-08bb036c3e

Update goose to 1.36.0

  

SUSE Google-Osconfig-Agent Important Denial of Service Vuln 2026-22242-1

An update that solves 23 vulnerabilities can now be installed.

  

SUSE Libarchive Important Denial of Service and Code Exec 2026-22241-1

An update that solves five vulnerabilities can now be installed.

  

SUSE Micro 6.0 python-PyJWT Important DoS Issues Fixed 2026-22238-1

An update that solves five vulnerabilities can now be installed.

  

SUSE python-PyJWT Important SSRF DoS Risks Vulnerability 2026-2626-1

An update that solves five vulnerabilities can now be installed.

  

Debian Chromium Critical Code Execution Denial of Service DSA-6364-1

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information

  

CVE-2026-45233 | danpros htmly up to 3.1.1 Admin Autosave Endpoint admin.php file_exists oldfile path traversal

A vulnerability, which was classified as critical, was found in danpros htmly up to 3.1.1. This affects the function file_exists

  

CVE-2026-54573 | Outline up to 1.7.x AuthenticationHelper.canAccess authorization (GHSA-5x79-rj4g-qrh8)

A vulnerability has been found in Outline up to 1.7.x and classified as problematic. This impacts the function AuthenticationHelper.canAccess. The

  

CVE-2026-54037 | danny-avila LibreChat up to 0.8.4 Conversation /api/convos/fork allocation of resources (GHSA-g445-9wq6-jf3v)

A vulnerability was found in danny-avila LibreChat and classified as problematic. Affected is an unknown function of the file /api/convos/fork

  

CVE-2026-9083 | Keycloak on Red Hat Key Provider keystore path traversal

A vulnerability was found in Keycloak on Red Hat. It has been classified as critical. Affected by this vulnerability is

  

CVE-2026-9099 | Keycloak on Red Hat Admin REST API GroupResource.addChild authorization

A vulnerability was found in Keycloak on Red Hat. It has been declared as problematic. Affected by this issue is

  

CVE-2026-9705 | Keycloak on Red Hat Registration session expiration

A vulnerability was found in Keycloak on Red Hat. It has been rated as critical. This affects an unknown part

  

CVE-2026-9799 | Keycloak on Red Hat PERMISSIVE Policy Enforcement Mode authorization

A vulnerability categorized as critical has been discovered in Keycloak on Red Hat. This vulnerability affects unknown code of the

  

CVE-2026-54024 | danny-avila LibreChat up to 0.8.4 Configuration /api/convos/import createMulterInstance allocation of resources (GHSA-52f6-fqwv-jccf)

A vulnerability identified as problematic has been detected in danny-avila LibreChat. This issue affects the function createMulterInstance of the file

  

CVE-2026-54027 | danny-avila LibreChat up to 0.8.4 Image Endpoint /api/files/images authorization (GHSA-c55r-p24w-hcj5)

A vulnerability labeled as problematic has been found in danny-avila LibreChat. Impacted is an unknown function of the file /api/files/images

  

CVE-2026-54030 | danny-avila LibreChat up to 0.8.4 MCP resource origin validation (GHSA-gvpj-vm2f-2m23)

A vulnerability marked as problematic has been reported in danny-avila LibreChat up to 0.8.4. The affected element is an unknown

  

CVE-2026-54448 | aquasecurity trivy up to 0.70.x allocation of resources (GHSA-q3fv-x8vg-qqm4)

A vulnerability described as problematic has been identified in aquasecurity trivy up to 0.70.x. The impacted element is an unknown

  

CVE-2026-55411 | ToolJet up to 3.20.1780-l decrypt authorization (GHSA-x7qj-hfg8-p4cw)

A vulnerability classified as problematic has been found in ToolJet up to 3.20.1780-l. This affects an unknown function of the

  

CVE-2026-55439 | halo-dev halo up to 2.24.2 Backup Download Endpoint /apis/console.api MigrationServiceImpl.download path traversal (ID 10064)

A vulnerability classified as critical was found in halo-dev halo up to 2.24.2. This impacts the function MigrationServiceImpl.download of the

  

CVE-2026-9800 | Keycloak on Red Hat Query Parameter comparison using wrong factors

A vulnerability, which was classified as critical, has been found in Keycloak on Red Hat. Affected is an unknown function

  

CVE-2026-13351 | zephyrproject-rtos Zephyr up to 4.3 Network Packet release of resource (GHSA-cv4q-2j56-4wqf)

A vulnerability, which was classified as critical, was found in zephyrproject-rtos Zephyr up to 4.3. Affected by this vulnerability is

  

CVE-2026-54025 | danny-avila LibreChat up to 0.8.4-rc1/15.0.12 markdown.ts cross site scripting (GHSA-3phr-62qf-cxf3)

A vulnerability has been found in danny-avila LibreChat up to 0.8.4-rc1/15.0.12 and classified as problematic. Affected by this issue is

  

CVE-2026-54029 | danny-avila LibreChat up to 0.8.4 Id Endpoint /api/messages authorization (GHSA-8892-xj8q-59xc)

A vulnerability was found in danny-avila LibreChat and classified as problematic. This affects an unknown part of the file /api/messages

  

CVE-2026-54033 | danny-avila LibreChat up to 0.8.4 API Endpoint server-side request forgery (GHSA-gc9r-88c3-7qhq)

A vulnerability was found in danny-avila LibreChat. It has been classified as critical. This vulnerability affects unknown code of the

  

CVE-2026-54040 | danny-avila LibreChat up to 0.8.4 Session Token regenerate missing authentication (GHSA-h59w-x9h4-m6gv)

A vulnerability was found in danny-avila LibreChat. It has been declared as critical. This issue affects some unknown processing of

  

CVE-2026-55092 | aquasecurity trivy up to 0.71.0 Annotation path traversal

A vulnerability was found in aquasecurity trivy up to 0.71.0. It has been rated as critical. Impacted is an unknown

  

CVE-2026-56123 | socat up to 1.8.1.1 DOMAINNAME Reply Parser heap-based overflow

A vulnerability categorized as critical has been discovered in socat up to 1.8.1.1. The affected element is an unknown function

  

CVE-2026-55412 | ToolJet up to 3.20.178-lt/169.254.169.254.nip.io RestAPI Data Source server-side request forgery (GHSA-h49f-mhmm-jx4w)

A vulnerability identified as critical has been detected in ToolJet up to 3.20.178-lt/169.254.169.254.nip.io. The impacted element is an unknown function

  

CVE-2026-55413 | ToolJet up to 3.20.178-lt code injection (GHSA-jgmf-cw3v-r98x)

A vulnerability labeled as critical has been found in ToolJet up to 3.20.178-lt. This affects an unknown function. Such manipulation

  

CVE-2026-9086 | Keycloak on Red Hat Redirect cross site scripting

A vulnerability marked as problematic has been reported in Keycloak on Red Hat. This impacts an unknown function of the

  

CVE-2026-13350 | pretix Venueless authorization (GHSA-hj6j-wpgc-qrp5 / 0a35457f)

A vulnerability described as problematic has been identified in pretix Venueless. Affected is an unknown function. Executing a manipulation can

  

CVE-2026-6291 | wolfSSL up to 5.9.1 EnvelopedData timing discrepancy

A vulnerability classified as problematic has been found in wolfSSL up to 5.9.1. Affected by this vulnerability is an unknown

  

CVE-2026-55961 | wolfSSL up to 5.9.1 Certificate Chain wolfSSL_PKCS7_verify signature verification

A vulnerability classified as problematic was found in wolfSSL up to 5.9.1. Affected by this issue is the function wolfSSL_PKCS7_verify

  

CVE-2026-11999 | wolfSSL up to 5.9.1 wolfSSL_X509_verify_cert certificate validation

A vulnerability, which was classified as problematic, has been found in wolfSSL up to 5.9.1. This affects the function wolfSSL_X509_verify_cert.

  

CVE-2026-6091 | wolfSSL up to 5.9.1 certificate validation

A vulnerability, which was classified as problematic, was found in wolfSSL up to 5.9.1. This vulnerability affects unknown code. Such

  

CVE-2026-47770 | jqlang jq up to 1.8.1 src/jv.c jvp_array_equal recursion

A vulnerability has been found in jqlang jq up to 1.8.1 and classified as problematic. This issue affects the function

  

CVE-2026-50021 | pnpm up to 10.33.x/11.3.x pnpm-lock.yaml Integrity integrity check

A vulnerability was found in pnpm up to 10.33.x/11.3.x and classified as problematic. Impacted is an unknown function of the

  

CVE-2026-50573 | pnpm up to 10.33.3/11.3.x pnpm-lock.yaml data authenticity

A vulnerability was found in pnpm up to 10.33.3/11.3.x. It has been classified as problematic. The affected element is an

  

CVE-2026-55487 | pnpm up to 10.34.1/11.5.2 origin validation

A vulnerability was found in pnpm up to 10.34.1/11.5.2. It has been declared as problematic. The impacted element is an

  

CVE-2026-55698 | pnpm up to 10.34.1/11.5.2 pnpm-lock.yaml data authenticity

A vulnerability was found in pnpm up to 10.34.1/11.5.2. It has been rated as critical. This affects an unknown function

  

CVE-2026-48995 | pnpm up to 10.33.3/11.0.6 integrity check

A vulnerability categorized as problematic has been discovered in pnpm up to 10.33.3/11.0.6. This impacts an unknown function. Such manipulation

  

CVE-2026-49839 | jqlang jq up to 1.8.1 jv_string_append_buf out-of-bounds write

A vulnerability identified as critical has been detected in jqlang jq up to 1.8.1. Affected is the function jv_string_append_buf. Performing

  

CVE-2026-50015 | pnpm up to 10.33.3/11.3.x path traversal

A vulnerability labeled as critical has been found in pnpm up to 10.33.3/11.3.x. Affected by this vulnerability is an unknown

  

CVE-2026-50016 | pnpm up to 10.33.3/11.3.x path traversal

A vulnerability marked as critical has been reported in pnpm up to 10.33.3/11.3.x. Affected by this issue is some unknown

  

CVE-2026-54679 | jqlang jq up to 1.8.1 integer overflow

A vulnerability described as problematic has been identified in jqlang jq up to 1.8.1. This affects an unknown part. The

  

CVE-2026-55180 | pnpm up to 10.34.1/11.5.2 pnpm-workspace.yaml information disclosure

A vulnerability classified as problematic has been found in pnpm up to 10.34.1/11.5.2. This vulnerability affects unknown code of the

  

CVE-2026-55697 | pnpm up to 10.34.1/11.5.2 pnpm-workspace.yaml os command injection

A vulnerability classified as critical was found in pnpm up to 10.34.1/11.5.2. This issue affects some unknown processing of the

  

CVE-2026-55699 | pnpm up to 10.34.1/11.5.2 path traversal

A vulnerability, which was classified as critical, has been found in pnpm up to 10.34.1/11.5.2. Impacted is an unknown function.

  

CVE-2026-55967 | wolfSSL up to 5.9.1 Message Size nonce re-use

A vulnerability, which was classified as problematic, was found in wolfSSL up to 5.9.1. The affected element is an unknown

  

CVE-2026-50014 | pnpm up to 10.33.3/11.3.x Lockfile argument injection

A vulnerability has been found in pnpm up to 10.33.3/11.3.x and classified as critical. The impacted element is an unknown

  

CVE-2026-56014 | Averta Master Slider Plugin up to 3.11.2 on WordPress cross site scripting

A vulnerability categorized as problematic has been discovered in Averta Master Slider Plugin up to 3.11.2 on WordPress. This affects

  

CVE-2026-56051 | TablePress Plugin up to 3.3.1 on WordPress cross site scripting

A vulnerability identified as problematic has been detected in TablePress Plugin up to 3.3.1 on WordPress. This vulnerability affects unknown

  

CVE-2026-56071 | wpmudev Forminator Plugin up to 1.53.1 on WordPress cross site scripting

A vulnerability labeled as problematic has been found in wpmudev Forminator Plugin up to 1.53.1 on WordPress. This issue affects

  

CVE-2026-57434 | sparklemotion nokogiri up to 1.19.3 wrapper null pointer dereference

A vulnerability marked as problematic has been reported in sparklemotion nokogiri up to 1.19.3. Impacted is the function wrapper. The

  

CVE-2026-57236 | sparklemotion nokogiri up to 1.19.3 use after free

A vulnerability described as critical has been identified in sparklemotion nokogiri up to 1.19.3. The affected element is an unknown

  

CVE-2026-57435 | sparklemotion nokogiri up to 1.19.3 Nokogiri::XML::Attr use after free

A vulnerability classified as critical has been found in sparklemotion nokogiri up to 1.19.3. The impacted element is the function

  

CVE-2026-57437 | sparklemotion nokogiri up to 1.19.3 Garbage Collection XPathContext use after free

A vulnerability classified as critical was found in sparklemotion nokogiri up to 1.19.3. This affects the function Nokogiri::XML::XPathContext of the

  

CVE-2026-57436 | sparklemotion nokogiri up to 1.19.3 Garbage Collection Document#root= use after free

A vulnerability, which was classified as critical, has been found in sparklemotion nokogiri up to 1.19.3. This impacts the function

  

CVE-2026-57235 | sparklemotion nokogiri up to 1.19.3 out-of-bounds

A vulnerability, which was classified as critical, was found in sparklemotion nokogiri up to 1.19.3. Affected is an unknown function.

  

CVE-2026-57234 | sparklemotion nokogiri up to 1.19.3 Nokogiri::XML::Schema case sensitivity

A vulnerability has been found in sparklemotion nokogiri up to 1.19.3 and classified as problematic. Affected by this vulnerability is

  

CVE-2026-49319 | Alps Electric Remote Keyless Entry System R53R0 authentication replay

A vulnerability was found in Alps Electric Remote Keyless Entry System R53R0 and classified as problematic. Affected by this issue