31 matches found

NVD
added 3 days ago · 5 views

CVE-2026-46645

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user...

4.3 CVSS · 0.00026 EPSS
Exploits 1 · References 4
Vulnrichment
added 3 days ago · 4 views

CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user...

4.3 CVSS · 5.4 AI score · 0.00026 EPSS
Exploits 1 · References 4
EUVD
added 3 days ago · 5 views

EUVD-2026-36168

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user...

4.3 CVSS · 5.4 AI score · 0.00026 EPSS
Exploits 1 · References 4
Cvelist
added 3 days ago · 24 views

CVE-2026-46645 SQLAdmin: Authorization Bypass on `ajax_lookup`

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py bypasses the is_accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is_accessible, an authenticated user...

4.3 CVSS · 0.00026 EPSS
Exploits 1 · References 4
CVE
added 3 days ago · 21 views

CVE-2026-46645

SQLAdmin (for SQLAlchemy) contains an authorization bypass in the ajax_lookup endpoint prior to version 0.25.1, where is_accessible() is bypassed, allowing an authenticated user to query a model’s data despite access restrictions. The issue affects ajax_lookup specifically and was mitigated by pa...

4.3 CVSS · 5.4 AI score · 0.00026 EPSS
Exploits 1 · References 4
OSV
added 2025/09/09 9:15 p.m. · 3 views

CVE-2025-54245

Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 6.3 AI score · 0.00043 EPSS
Exploits 0 · References 1
NVD
added 2025/09/09 9:15 p.m. · 2 views

CVE-2025-54244

Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 0.00043 EPSS
Exploits 0 · References 1
Cvelist
added 2025/09/09 9:10 p.m. · 6 views

CVE-2025-54244 Substance3D - Viewer | Heap-based Buffer Overflow (CWE-122)

Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 0.00043 EPSS
Exploits 0 · References 1
CVE
added 2025/09/09 9:10 p.m. · 14 views

CVE-2025-54244

The CVE-2025-54244 issue affects Substance3D Viewer, specifically versions 0.25.1 and earlier. A heap-based buffer overflow in the viewer could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction (the user must open a malicious file). Public s...

7.8 CVSS · 7.3 AI score · 0.00043 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/09/09 9:10 p.m. · 5 views

CVE-2025-54243 Substance3D - Viewer | Out-of-bounds Write (CWE-787)

Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 0.00043 EPSS
Exploits 0 · References 1
CVE
added 2025/09/09 9:10 p.m. · 11 views

CVE-2025-54243

CVE-2025-54243 affects Adobe Substance3D Viewer up to version 0.25.1. It is an out-of-bounds write (CWE-787) that could allow arbitrary code execution in the current user’s context. Exploitation requires user interaction: the victim must open a crafted malicious file. Several sources corroborate ...

7.8 CVSS · 7.4 AI score · 0.00043 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/09/09 9:10 p.m. · 4 views

CVE-2025-54245 Substance3D - Viewer | Out-of-bounds Write (CWE-787)

Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 0.00043 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/09/09 12:00 a.m. · 4 views

PT-2025-36974

Name of the Vulnerable Software and Affected Versions: Substance3D - Viewer versions 0.25.1 and earlier Description: Substance3D - Viewer is affected by a Heap-based Buffer Overflow that may lead to arbitrary code execution with current user privileges. Exploitation requires a user to open a...

7.8 CVSS · 7.4 AI score · 0.00043 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2025/08/10 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-2581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM Fil...

7.5 CVSS · 4.7 AI score · 0.00116 EPSS
Exploits 0 · References 2
OPENSUSE Linux
added 2025/04/03 12:00 a.m. · 4 views

headscale-0.25.1-2.1 on GA media (moderate)

headscale-0.25.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:14956-1 Rating: moderate Cross-References: CVE-2025-30204 CVSS scores: CVE-2025-30204 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-30204 SUSE : 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:...

8.7 CVSS · 7.3 AI score · 0.00083 EPSS
Exploits 0
OSV
added 2025/03/21 5:15 a.m. · 3 views

DEBIAN-CVE-2025-2581

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to addre...

7.5 CVSS · 3.9 AI score · 0.00116 EPSS
Exploits 0 · References 1
OSV
added 2025/03/21 5:15 a.m. · 2 views

UBUNTU-CVE-2025-2581

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. The attack can be launched remotely. Upgrading to version 0.25.1 is able to addre...

7.5 CVSS · 4.9 AI score · 0.00116 EPSS
Exploits 0 · References 7
OSV
added 2024/08/15 6:15 p.m. · 2 views

CVE-2024-32231

Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter...

6.3 CVSS · 7.5 AI score
Exploits 0 · References 3
Positive Technologies
added 2024/08/15 12:00 a.m. · 2 views

PT-2024-24467 · Stash · Stash

Name of the Vulnerable Software and Affected Versions: Stash versions up to 0.25.1 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the sort parameter. Recommendations: For versions up to 0.25.1, as a temporary workaround, consider...

9.1 CVSS · 7.8 AI score · 0.02638 EPSS
Exploits 0 · References 13
CNNVD
added 2024/08/15 12:00 a.m. · 2 views

Stash security vulnerability

Stash is an open source self-hosted web application written in Go by stashapp. A security vulnerability exists in Stash version v0.25.1, which stems from an SQL injection vulnerability in the sort parameter...

6.3 CVSS · 7.7 AI score · 0.02638 EPSS
Exploits 0 · References 4