Exploit for CVE-2026-8181

EN: Controlled PoC and brief technical notes for authorized secu...

CodeCanyon Perfex CRM 授权问题漏洞

CodeCanyon Perfex CRM is a self-hosted customer relationship management software developed by CodeCanyon. Versions of CodeCanyon Perfex CRM 3.4.1 and earlier contained an authorization vulnerability. This vulnerability stemmed from the operation of the parameter ID in the function Clients::projec...

Astra Linux - уязвимость в libarchive

libarchive 3.4.1 through 3.5.1 has a use-after-free in copystring called from douncompressblock and processblock...

Astra Linux - уязвимость в twitter-bootstrap3

Improper neutralization of input during web page generation XSS or “cross-site scripting” vulnerability in Bootstrap allows cross-site scripting. This issue affects Bootstrap: from version 3.4.1 to 4.0.0...

GHSA-72MV-WWVM-VGP5 Apache DolphinScheduler has an Incorrect Authorization Vulnerability

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

Incorrect Authorization

Overview org.apache.dolphinscheduler:dolphinscheduler-dao is an A visual DAG workflow scheduling system, dedicated to solving the complex dependencies in data processing. Affected versions of this package are vulnerable to Incorrect Authorization during workflow execution. An attacker can gain...

Apache DolphinScheduler has an Incorrect Authorization Vulnerability

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

CVE-2026-23902

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

EUVD-2026-25413

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

CVE-2026-23902

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

CVE-2026-23902

CVE-2026-23902 concerns an Incorrect Authorization flaw in Apache DolphinScheduler. The weakness allows authenticated users with system login permissions to operate using tenants not defined on the platform during workflow execution. Affected versions are DolphinScheduler prior to 3.4.1; remediat...

Apache DolphinScheduler 安全漏洞

Apache DolphinScheduler is a modern data orchestration platform developed by the Apache Foundation in the United States. Versions of Apache DolphinScheduler prior to 3.4.1 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow authenticated...

PT-2026-33280

Name of the Vulnerable Software and Affected Versions rsync versions 3.0.1 through 3.4.1 Description The receive xattr function relies on an untrusted length value during a qsort call, which can lead to a use-after-free condition on the receiver side. This occurs when the victim runs the software...

CVE-2026-33228

flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with th...

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2025-59783

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2025-59783 OS Command Injection over API

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2025-59783 OS Command Injection over API

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...