10 matches found
CVE-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...
@openinc/parse-server-opendash (>=4.0.0 <=4.0.4) potentially affected by CVE-2026-33539 via parse-server (>=9.6.0-alpha.37 <=9.6.0-alpha.43)
parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.4 Source cves: CVE-2026-33539 Source advisory: OSV:GHSA-P2W6-RMH7-W8Q3...
PT-2025-3165 · Northern.Tech · Mender Client
Name of the Vulnerable Software and Affected Versions: Northern.tech Mender Client versions 4.0.0 through 4.0.4 Description: The issue is related to insecure permissions in the Northern.tech Mender Client. Recommendations: For Northern.tech Mender Client versions 4.0.0 through 4.0.4, update to...
PT-2024-3042 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 4.0.0 through 4.0.4 Fortinet FortiSandbox versions 4.2.0 through 4.2.6 Fortinet FortiSandbox versions 4.4.0 through 4.4.3 Description: The issue exists due to improper neutralization of special elements used in ...
PT-2024-3041 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 4.0.0 through 4.0.4 Fortinet FortiSandbox versions 4.2.0 through 4.2.6 Fortinet FortiSandbox versions 4.4.0 through 4.4.3 Description: The issue is related to an improper limitation of a pathname to a restricted...
Fortinet FortiSandbox 安全漏洞
Fortinet FortiSandbox is an APT Advanced Persistent Threat protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. Fortinet FortiSandbox has a security vulnerability that stems from the presenc...
PT-2023-7453 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 1.3 through 3.5.8 Mastodon versions 4.0.0 through 4.0.4 Mastodon versions 4.1.0 through 4.1.2 Description: The issue is related to the processing of oEmbed data in Mastodon, which can allow an attacker to bypass HTML...
PT-2023-8743 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 3.5.0 through 3.5.8 Mastodon versions 4.0.0 through 4.0.4 Mastodon versions 4.1.0 through 4.1.2 Description: The issue arises from a flaw in the media processing code, allowing attackers to create arbitrary files at any...
PT-2023-25578 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 2.6.0 through 3.5.8 Mastodon versions 4.0.0 through 4.0.4 Mastodon versions 4.1.0 through 4.1.2 Description: Mastodon is a free, open-source social network server based on ActivityPub. An attacker can craft a verified profil...
PT-2022-26153 · Grails · Grails Spring Security Core Plugin
Name of the Vulnerable Software and Affected Versions: Grails Spring Security Core plugin versions 1.x Grails Spring Security Core plugin versions 2.x Grails Spring Security Core plugin versions 3.0.0 through 3.3.1 Grails Spring Security Core plugin versions 4.0.0 through 4.0.4 Grails Spring...