567348 matches found
Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]
Summary Due to use of Apache Commons BeanUtils IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...
CVE-2026-56779
MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...
CVE-2026-56772
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...
CVE-2026-56767
Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...
CVE-2026-54089
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...
CVE-2026-47102
A flaw was found in LiteLLM. A user with access to the /user/update endpoint can exploit a privilege escalation vulnerability. By modifying their own userrole to proxyadmin, an attacker can gain full administrative access to LiteLLM, including control over all users, teams, keys, models, and prom...
CVE-2026-54917 SeaweedFS: Path traversal in the S3 and Iceberg REST gateways allows cross-bucket access
SeaweedFS is a distributed storage system for object storage S3, file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter.SkipCleantrue. With path cleaning disabled, a .. segment inside the URL survives...
CVE-2026-54917
SeaweedFS prior to version 4.30 exposes a path traversal flaw in the S3 gateway and the Iceberg REST catalog gateway. Both gateways constructed their routers with mux.NewRouter().SkipClean(true), so with path cleaning disabled a .. segment in a URL like GET /bucket-A/../evil-bucket/key can surviv...
EUVD-2026-31483
amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads...
EUVD-2026-37289
LangGraph SDK has unsafe URL path construction...
CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...
CVE-2026-56770
Libais 0.15 is affected by an out-of-bounds vector access in VdmStream::AddLine caused by an unchecked sentinel value used as a vector index when handling AIS sentences with empty or out-of-range sequential IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM senten...
CVE-2026-56768
Vulnerability summary (CVE-2026-56768) Seahub versions before 13.0.23 fail to enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated access when a folder share-link token is present. An attacker can call the GET endpoint to obtain a fileserver zip token ...
CVE-2026-56767
Maxun before version 0.0.42 is affected by a cross-tenant insecure direct object reference in storage and webhook API handlers. Authenticated users can bypass ownership checks to read other users’ robots and OAuth tokens, including plaintext Google and Airtable tokens, and can modify, delete, or ...
CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers
Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...
CVE-2026-54089
CVE-2026-54089 impacts File Browser when configured with proxy authentication (auth.method=proxy). The issue allows an unauthenticated attacker who can reach the server to impersonate any user—including an administrator—by sending a single forged HTTP header. No credentials are required. Addition...
CVE-2026-54091
CVE-2026-54091 : File Browser public shares allow information disclosure due to incorrect access control when rebasing the owner’s filesystem root for public share paths. Before 2.63.6, the public share handler sets d.user.Fs to a BasePathFs rooted at the shared directory and then checks access w...
CVE-2026-54094 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...
CVE-2026-54094
CVE-2026-54094 affects the File Browser project. Prior to version 2.63.14, HTTP handlers can follow symlinks inside a scoped user’s directory, allowing read, write, or public-share actions to target files outside the user’s intended scope via two patterns: (1) a final-path symlink escaping the sc...
CVE-2026-54096
File Browser exposes a vulnerability: an authenticated user can create a public share for a path that does not yet exist, and that share becomes valid later when a file is created at that path, potentially exposing future files via GET /api/public/dl/. The issue is triggered by POST /api/share/, ...