Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:

Compact

Detailed

          Permalink
          
            CVE-2026-23881
          
        7.7 HIGH
      
        CVSS version (CVSS): 3.1
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Privileges Required (PR): Low (L)
        
          User Interaction (UI): None (N)
        
          Scope (S): Changed (C)
        
          Confidentiality (C): None (N)
        
          Integrity (I): None (N)
        
          Availability (A): High (H)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Privileges Required (MPR): Low (L)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Confidentiality (MC): None (N)
        
          Modified Scope (MS): Changed (C)
        
          Modified Integrity (MI): None (N)
        
          Modified Availability (MA): High (H)
        
              created
            
          3 months, 1 week ago
          
      Activity log
    
              Created suggestion
            
          3 months, 1 week ago
          
            Kyverno Denial of Service via Context Variable Amplification in Policy Engine
          
      https://github.com/kyverno/kyverno/security/advisories/GHSA-r2rj-wwm5-x6mq
    
    x_refsource_CONFIRM
  
      https://github.com/kyverno/kyverno/commit/7a651be3a8c78dcabfbf4178b8d89026bf3b850f
    
    x_refsource_MISC
  
      https://github.com/kyverno/kyverno/commit/f5617f60920568a301740485472bf704892175b7
    
    x_refsource_MISC
  
    kyverno

            ==< 1.15.3
          
            ==>= 1.16.0, < 1.16.3

          Permalink
          
            CVE-2026-24116
          
              created
            
          3 months, 1 week ago
          
      Activity log
    
              Created suggestion
            
          3 months, 1 week ago
          
            Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64
          
      https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73
    
    x_refsource_CONFIRM
  
      https://github.com/bytecodealliance/wasmtime/commit/728fa07184f8da2a046f48ef9b61f869dce133a6
    
    x_refsource_MISC
  
      https://github.com/bytecodealliance/wasmtime/commit/799585fc362fcb991de147dd1a9f2ba0861ed440
    
    x_refsource_MISC
  
      https://github.com/bytecodealliance/wasmtime/commit/ac92d9bb729ad3a6d93f0724c4c33a0c4a9c0227
    
    x_refsource_MISC
  
      https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.memory_guard_size
    
    x_refsource_MISC
  
      https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.signals_based_traps
    
    x_refsource_MISC
  
      https://docs.wasmtime.dev/stability-release.html
    
    x_refsource_MISC
  
      https://rustsec.org/advisories/RUSTSEC-2026-0006.html
    
    x_refsource_MISC
  
    wasmtime

            === 41.0.0
          
            ==>= 29.0.0, < 36.0.5
          
            ==>= 37.0.0, < 40.0.3

Permalink CVE-2025-68934

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 3 months, 1 week ago Activity log

Created suggestion 3 months, 1 week ago

Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint

https://github.com/discourse/discourse/security/advisories/GHSA-vwjh-vrx9-9849 x_refsource_CONFIRM

discourse

==>= 2026.1.0-latest, < 2026.1.0
==>= 2025.12.0-latest, 2025.12.1
==>= 2025.11.0-latest, < 2025.11.2
==< 3.5.4

          Permalink
          
            CVE-2026-1521
          
        5.3 MEDIUM
      
        CVSS version (CVSS): 3.1
      
          Attack Vector (AV): Network (N)
        
          Attack Complexity (AC): Low (L)
        
          Privileges Required (PR): None (N)
        
          User Interaction (UI): None (N)
        
          Scope (S): Unchanged (U)
        
          Confidentiality (C): None (N)
        
          Integrity (I): None (N)
        
          Availability (A): Low (L)
        
          Exploit Code Maturity (E): Proof-of-Concept (P)
        
          Remediation Level (RL): Official Fix (O)
        
          Report Confidence (RC): Confirmed (C)
        
          Modified Attack Vector (MAV): Network (N)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Privileges Required (MPR): None (N)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Confidentiality (MC): None (N)
        
          Modified Scope (MS): Unchanged (U)
        
          Modified Integrity (MI): None (N)
        
          Modified Availability (MA): Low (L)
        
              created
            
          3 months, 1 week ago
          
      Activity log
    
              Created suggestion
            
          3 months, 1 week ago
          
            Open5GS SGWC s5c-handler.c denial of service
          
      VDB-343192 | Open5GS SGWC s5c-handler.c denial of service
    
    vdb-entrytechnical-description
  
      VDB-343192 | CTI Indicators (IOB, IOC, TTP, IOA)
    
    signaturepermissions-required
  
      Submit #738370 | Open5GS SGWC v2.7.6 Denial of Service
    
    third-party-advisory
  
      https://github.com/open5gs/open5gs/issues/4268
    
    issue-tracking
  
      https://github.com/open5gs/open5gs/issues/4268#event-21989483261
    
    issue-tracking
  
      https://github.com/open5gs/open5gs/issues/4268#issue-3795012861
    
    issue-trackingexploit
  
      https://github.com/open5gs/open5gs/commit/69b53add90a9479d7960b822fc60601d659c3…
    
    patch
  
    Open5GS

            ==2.7.0
          
            ==2.7.3
          
            ==2.7.4
          
            ==2.7.1
          
            ==2.7.5
          
            ==2.7.2
          
            ==2.7.6

Permalink CVE-2026-0818

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

created 3 months, 1 week ago Activity log

Created suggestion 3 months, 1 week ago

CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

Thunderbird

<140.7.1
<147.0.1

Permalink CVE-2025-68479

7.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

created 3 months, 1 week ago Activity log

Created suggestion 3 months, 1 week ago

Discourse subscriptions are susceptible to takeover

https://github.com/discourse/discourse/security/advisories/GHSA-6gjr-5897-m327 x_refsource_CONFIRM

discourse

==>= 2026.1.0-latest, < 2026.1.0
==>= 2025.11.0-latest, < 2025.11.2
==>= 2025.12.0-latest, < 2025.12.1
==< 3.5.4

Permalink CVE-2025-68662

7.6 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 3 months, 1 week ago Activity log

Created suggestion 3 months, 1 week ago

FinalDestination hostname matching allows SSRF protection bypass

https://github.com/discourse/discourse/security/advisories/GHSA-gcfp-rjfc-925c x_refsource_CONFIRM

discourse

==< 3.5.4
==>= 2026.1.0-latest, < 2026.1.0
==>= 2025.11.0-latest, < 2025.11.2
==>= 2025.12.0-latest, < 2025.12.1

Permalink CVE-2025-66488

4.6 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 3 months, 1 week ago Activity log

Created suggestion 3 months, 1 week ago

Discourse allows script execution in uploaded HTML/XML files on S3

https://github.com/discourse/discourse/security/advisories/GHSA-68jp-3934-62rx x_refsource_CONFIRM

discourse

==>= 2026.1.0-latest, < 2026.1.0
==>= 2025.11.0-latest, < 2025.11.2
==>= 2025.12.0-latest, < 2025.12.1
==< 3.5.4

          Permalink
          
            CVE-2020-36992
          
        7.8 HIGH
      
        CVSS version (CVSS): 3.1
      
          Attack Vector (AV): Local (L)
        
          Attack Complexity (AC): Low (L)
        
          Privileges Required (PR): Low (L)
        
          User Interaction (UI): None (N)
        
          Scope (S): Unchanged (U)
        
          Confidentiality (C): High (H)
        
          Integrity (I): High (H)
        
          Availability (A): High (H)
        
          Modified Attack Vector (MAV): Local (L)
        
          Modified Attack Complexity (MAC): Low (L)
        
          Modified Privileges Required (MPR): Low (L)
        
          Modified User Interaction (MUI): None (N)
        
          Modified Confidentiality (MC): High (H)
        
          Modified Scope (MS): Unchanged (U)
        
          Modified Integrity (MI): High (H)
        
          Modified Availability (MA): High (H)
        
              created
            
          3 months, 1 week ago
          
      Activity log
    
              Created suggestion
            
          3 months, 1 week ago
          
            Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path
          
      ExploitDB-48790
    
    exploit
  
      NordVPN Official Homepage
    
    product
  
      VulnCheck Advisory: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path
    
    third-party-advisory
  
    nordvpn

            ==6.31.13.0

Permalink CVE-2026-1237

created 3 months, 1 week ago Activity log

Created suggestion 3 months, 1 week ago

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions …

https://github.com/juju/juju/security/advisories/GHSA-j477-6vpg-6c8x

juju