๐จ CVE-2026-21883
Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com (or use a subdomain if applicable) and lure a victim to visit it. The malicious site can then initiate a WebSocket connection to the vulnerable Bokeh server. Since the Origin header (e.g., http://dashboard.corp.attacker.com/) matches the allowlist according to the flawed logic, the connection is accepted. Once connected, the attacker can interact with the Bokeh server on behalf of the victim, potentially accessing sensitive data, or modifying visualizations. This issue is fixed in version 3.8.2.
๐@cveNotify
Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com (or use a subdomain if applicable) and lure a victim to visit it. The malicious site can then initiate a WebSocket connection to the vulnerable Bokeh server. Since the Origin header (e.g., http://dashboard.corp.attacker.com/) matches the allowlist according to the flawed logic, the connection is accepted. Once connected, the attacker can interact with the Bokeh server on behalf of the victim, potentially accessing sensitive data, or modifying visualizations. This issue is fixed in version 3.8.2.
๐@cveNotify
GitHub
handle wildcard host with port correctly ยท bokeh/bokeh@cedd113
Interactive Data Visualization in the browser, from Python - handle wildcard host with port correctly ยท bokeh/bokeh@cedd113
๐จ CVE-2025-37179
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
๐@cveNotify
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
๐@cveNotify
๐จ CVE-2026-22915
An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.
๐@cveNotify
An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-22916
An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.
๐@cveNotify
An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-22917
Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.
๐@cveNotify
Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.
๐@cveNotify
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance.
๐@cveNotify
Code-White
CODE WHITE | Public Vulnerability List
Public list of vulnerabilities, found by CODE WHITE
๐จ CVE-2026-20613
The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.
๐@cveNotify
The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.
๐@cveNotify
GitHub
Archive extraction does not guard against escapes from extraction base directory.
### Summary
The `ArchiveReader.extractContents()` function used by `cctl image load` and container image load performs no pathname validation before extracting an archive member. This means that a...
The `ArchiveReader.extractContents()` function used by `cctl image load` and container image load performs no pathname validation before extracting an archive member. This means that a...
๐จ CVE-2025-69907
An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration information, including cabinet names and database-related metadata. This allows unauthorized enumeration of backend deployment details and may facilitate further targeted attacks.
๐@cveNotify
An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration information, including cabinet names and database-related metadata. This allows unauthorized enumeration of backend deployment details and may facilitate further targeted attacks.
๐@cveNotify
GitHub
CVE-Newgen-Software-Advisories/CVE-2025-69907.md at main ยท CBx216/CVE-Newgen-Software-Advisories
Advisory for CVE-2025-65742 โ Newgen OmniDocs LDAP Admin BFLA - CBx216/CVE-Newgen-Software-Advisories
๐จ CVE-2025-71146
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conncount: fix leaked ct in error paths
There are some situations where ct might be leaked as error paths are
skipping the refcounted check and return immediately. In order to solve
it make sure that the check is always called.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conncount: fix leaked ct in error paths
There are some situations where ct might be leaked as error paths are
skipping the refcounted check and return immediately. In order to solve
it make sure that the check is always called.
๐@cveNotify
๐จ CVE-2025-71147
In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Fix a memory leak in tpm2_load_cmd
'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode'
but it is not freed in the failure paths. Address this by wrapping the blob
into with a cleanup helper.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
KEYS: trusted: Fix a memory leak in tpm2_load_cmd
'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode'
but it is not freed in the failure paths. Address this by wrapping the blob
into with a cleanup helper.
๐@cveNotify
๐จ CVE-2025-71148
In the Linux kernel, the following vulnerability has been resolved:
net/handshake: restore destructor on submit failure
handshake_req_submit() replaces sk->sk_destruct but never restores it when
submission fails before the request is hashed. handshake_sk_destruct() then
returns early and the original destructor never runs, leaking the socket.
Restore sk_destruct on the error path.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
net/handshake: restore destructor on submit failure
handshake_req_submit() replaces sk->sk_destruct but never restores it when
submission fails before the request is hashed. handshake_sk_destruct() then
returns early and the original destructor never runs, leaking the socket.
Restore sk_destruct on the error path.
๐@cveNotify
๐จ CVE-2025-71149
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: correctly handle io_poll_add() return value on update
When the core of io_uring was updated to handle completions
consistently and with fixed return codes, the POLL_REMOVE opcode
with updates got slightly broken. If a POLL_ADD is pending and
then POLL_REMOVE is used to update the events of that request, if that
update causes the POLL_ADD to now trigger, then that completion is lost
and a CQE is never posted.
Additionally, ensure that if an update does cause an existing POLL_ADD
to complete, that the completion value isn't always overwritten with
-ECANCELED. For that case, whatever io_poll_add() set the value to
should just be retained.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: correctly handle io_poll_add() return value on update
When the core of io_uring was updated to handle completions
consistently and with fixed return codes, the POLL_REMOVE opcode
with updates got slightly broken. If a POLL_ADD is pending and
then POLL_REMOVE is used to update the events of that request, if that
update causes the POLL_ADD to now trigger, then that completion is lost
and a CQE is never posted.
Additionally, ensure that if an update does cause an existing POLL_ADD
to complete, that the completion value isn't always overwritten with
-ECANCELED. For that case, whatever io_poll_add() set the value to
should just be retained.
๐@cveNotify
๐จ CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix refcount leak when invalid session is found on session lookup
When a session is found but its state is not SMB2_SESSION_VALID, It
indicates that no valid session was found, but it is missing to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. This patch fixes the issue by explicitly calling
ksmbd_user_session_put to release the reference to the session.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix refcount leak when invalid session is found on session lookup
When a session is found but its state is not SMB2_SESSION_VALID, It
indicates that no valid session was found, but it is missing to decrement
the reference count acquired by the session lookup, which results in
a reference count leak. This patch fixes the issue by explicitly calling
ksmbd_user_session_put to release the reference to the session.
๐@cveNotify
๐จ CVE-2025-14457
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments as links" setting is enabled.
๐@cveNotify
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated attackers to delete arbitrary uploaded files when the "Send attachments as links" setting is enabled.
๐@cveNotify
๐จ CVE-2026-22907
An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.
๐@cveNotify
An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-22908
Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.
๐@cveNotify
Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-22909
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
๐@cveNotify
Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-22910
The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.
๐@cveNotify
The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-22911
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
๐@cveNotify
Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.
๐@cveNotify
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.
๐จ CVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.
๐@cveNotify
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.
๐@cveNotify
Sick
The SICK Product Security Incident Response Team (SICK PSIRT) | SICK
The SICK PSIRT is the central team of SICK AG which is authorized to respond to reports regarding the cyber security of products, solutions and services as well as provide information.