31258 matches found
EUVD-2026-45437
In the Linux kernel, the following vulnerability has been resolved: selinux: fix avdcache auditing The per-task avdcache was incorrectly saving and reusing the audited vector computed by avcauditrequired rather than recomputing based on the currently requested permissions and distinguishing the...
CVE-2024-58356
SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, a...
EUVD-2025-210488
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 allows authenticated users with OWNER or EDITOR permissions at the root, namespace, or database level to define custom database functions via DEFINE FUNCTION using nested FOR loops. Although a single loop's iteration count is...
CVE-2024-58356 SurrealDB before 2.1.4 Permission Bypass via DEFINE TABLE OVERWRITE
SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, a...
CVE-2024-58356
SurrealDB prior to version 2.1.4 is affected by a permission-bypass issue. When using DEFINE TABLE ... OVERWRITE on tables defined with TYPE RELATION, the PERMISSIONS clause is not applied, so tightened permissions may not take effect and an authorized client could continue to access data. Affect...
JumpServer > 3.6.4 - Information Disclosure
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...
CVE-2026-54244
Statamic CMS suffers an Incorrect Authorization issue in the Live Preview feature. Before versions 5.74.0 and 6.20.3, the Live Preview endpoint in src/Http/Controllers/CP/PreviewController.php only checked view permissions and could render caller-supplied field values. A Control Panel user with v...
CVE-2026-54244 Statamic: Incorrect authorization lets view-only users submit Live Preview content reserved for editors
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A...
CVE-2026-45703
Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php only checks the wordexport feature permission and directly resolves attacker-controlled type/id input...
CVE-2026-44739
CVE-2026-44739 (Pimcore) : SQL injection in the columnConfigAction flow of CustomReportsBundle enables an attacker with the reports_config permission to inject and execute arbitrary SELECT/UNION queries and leverage error-based exfiltration. Affected versions are prior to 11.5.17 (LTS) and 12.3.6...
CVE-2026-44739 Pimcore: SQL Injection in Custom Reports Column Configuration
Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction,...
CVE-2026-45260
Pimcore WebDAV MOVE vulnerability (CVE-2026-45260) enables remote asset deletion/overwrite due to missing authentication in the WebDAV controller and Tree::move() path. The WebDAV endpoint at /asset/webdav{path} proceeds to mutate assets before validating the current user or permissions, and Asse...
Gitea has insufficient permission checks for Composer package source links
CVE Description Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information. Summary A critical vulnerability has been discovered in Gitea. It was already reported via...
CVE-2026-48010 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEMSCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission...
CVE-2026-48010 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEMSCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission...
CVE-2026-62234
Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local files, access process information, or pivot to...
EUVD-2026-45080
Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local files, access process information, or pivot to...
PT-2026-60807
SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records...
CVE-2026-43978
wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...
CVE-2026-43977 wger IDOR: Authenticated Users Can Read Others' Private Workout Session Data via Template Routine API
wger is a free, open-source workout and fitness manager. In versions prior to 2.6, any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The vulnerability exis...