171 matches found
Astra Linux - уязвимость в subversion
Subversion’s moddavsvn is vulnerable to memory corruption. When checking path-based authorization rules, moddavsvn servers may attempt to use memory that has already been freed. Affected Subversion moddavsvn servers include versions 1.10.0 through 1.14.1 including those versions. Servers that do...
CLEANSTART-2026-QV77143 Security fixes for CVE-2026-21726, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32287, CVE-2026-33186, CVE-2026-34040, CVE-2026-39882, ghsa-37cx-329c-33x3, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr, ghsa-w8rr-5gcm-pp58, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.2-r0, 1.14.1-r0, 1.15.1-r1
Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-41949 Dify < 1.14.2 Authorization Bypass via File Preview Endpoint
Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
EUVD-2026-30771
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...
CVE-2026-41948 Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...
CVE-2026-44196
Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...
EUVD-2026-24573
OpenFGA has Improper Policy Enforcement...
OpenFGA has Improper Policy Enforcement
Description In OpenFGA, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result for a subsequent request. Am I Affected? Users are affected if their...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper policy enforcement. An attacker can gain unauthorized access or perform actions with insufficient authorization by exploiting cache key collisions that cause the reuse of cached results from...
OpenFGA 安全漏洞
OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA prior to 1.14.1 contained a security vulnerability. This vulnerability arises from the use of cache conditions in certain scenarios, which may lead to two different chec...
CVE-2026-41131
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...
CVE-2026-41131 OpenFGA has Improper Policy Enforcement
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This could result in OpenFGA reusing an earlier cached result f...
PT-2026-34222
Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.14.1 Description In specific scenarios, models using conditions with caching enabled can result in two different check requests producing the same cache key. This may lead to the reuse of an earlier cached result fo...
EUVD-2026-21406
HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5Trefmemsetnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote...
CVE-2026-34734
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5Tconvstruct. The original object was...
UBUNTU-CVE-2026-34734
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5Tconvstruct. The original object was...
EUVD-2026-21020
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5Tconvstruct. The original object was...
CVE-2026-34734
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5Tconvstruct. The original object was...