26 matches found
CVE-2026-11465
CVE-2026-11465 affects songquanpeng’s one-api (up to 0.6.11-preview.7). The issue is in the Redemption Code Top-Up Endpoint, specifically the function Redeem in file model/redemption.go, where manipulation leads to business logic errors. Reported as exploitable remotely with high complexity and l...
@antv/gi-assets-xlab (>=0.1.0 <=0.1.30) potentially affected by unknown CVE via @antv/gi-theme-antd (=0.6.11)
@antv/gi-theme-antd NPM version =0.6.11 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/gi-theme-antd and may be impacted: @antv/gi-assets-xlab >=0.1.0, <=0.1.30. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2026-4017...
CVE-2026-44374
Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...
CVE-2026-44374
CVE-2026-44374 affects Backstage when using the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed. Prior to version 0.6.11, these endpoints do not enforce permission checks, enabling any authenticated user to access unprocessed entity records regardless o...
Incorrect Authorization
Overview: @backstage/plugin-catalog-backend-module-unprocessed is a Backstage Catalog module to view unprocessed entities. Affected versions of this package are vulnerable to Incorrect Authorization in the unprocessed entities read endpoints. An attacker can gain unauthorized access to sensitive...
CVE-2025-68922
OpenOps before 0.6.11 allows remote code execution in the Terraform block...
EUVD-2025-205358
OpenOps before 0.6.11 allows remote code execution in the Terraform block...
CVE-2025-68922
CVE-2025-68922 affects OpenOps prior to version 0.6.11. The available connected sources state that this vulnerability allows remote code execution via the Terraform block, constituting a likely exploitable path within OpenOps deployments. The exact technical root cause is not detailed beyond the ...
PT-2025-53383
Name of the Vulnerable Software and Affected Versions: OpenOps versions prior to 0.6.11 Description: The software allows for remote code execution within the Terraform block. Recommendations: Update to version 0.6.11 or later...
CVE-2023-34181
A vulnerability in gaap WP-Cirrus wp-cirrus. This issue affects WP-Cirrus: from n/a through <= 0.6.11...
CVE-2023-34181
Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= 0.6.11 versions...
PT-2023-24720 · WordPress · Wp-Cirrus
Name of the Vulnerable Software and Affected Versions: WP-Cirrus plugin versions 0.6.11 and earlier Description: A Cross-Site Request Forgery (CSRF) issue exists, which can be exploited by an attacker to perform unauthorized actions on the affected system. Recommendations: For WP-Cirrus plugin...
CVE-2023-36692
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions...
@0xagnish/circom2-create-project (=1.0.412), @0xagnish/create-circom2-project (>=1.0.0 <=1.0.418) +322 more potentially affected by CVE-2023-33252 via snarkjs (>=0.1.11 <=0.6.11)
snarkjs NPM version =0.1.11, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.1, =2.0.0-alpha.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.2.2 and more Source cves: CVE-2023-33252 Source advisory: OSV:GHSA-XP5G-JHG3-3RG2...
PT-2023-24246 · Unknown · Iden3 Snarkjs
Name of the Vulnerable Software and Affected Versions: iden3 snarkjs versions through 0.6.11 Description: The issue allows double spending due to the lack of validation that the publicSignals length is less than the field modulus. Recommendations: For iden3 snarkjs versions through 0.6.11, consid...
euro-coin-collector (>=0.0.1 <=1.0.0), forex-news-downloader (>=0.0.2 <=0.5.13) +11 more potentially affected by unknown CVE via marsdb (>=0.4.4 <=0.6.11)
marsdb NPM version =0.4.4, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.6.0, =2.8.7 - piedpiper-middle-out =5.8.1 Source cves: unknown CVE Source advisory: OSV:GHSA-5MRR-RGP6-X4GR...
libcroco 'cr_tknzr_parse_rgb' function denial of service vulnerability
libcroco is a CSS2 parsing library. A security vulnerability exists in the 'cr_tknzr_parse_rgb' function of the cr-tknzr.c file in libcroco versions 0.6.11 and 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service (application crash) with the help of a specially crafted...
Design/Logic Flaw
DISPUTED: The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact v...