CVE-2026-46424
Budibase vulnerability CVE-2026-46424 affects versions before 3.38.2. The public API endpoint POST /api/public/v1/roles/unassign updates CouchDB user documents but does not invalidate the Redis cache entries used by authentication middleware, so revoked admin/builder/app roles may persist up to 1...
EUVD-2026-31541
A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been...
New API Security Vulnerability
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 contain security vulnerabilities. These vulnerabilities stem from the RelayMidjourneyImage/GetByOnlyMJId function in the router/relay-router.go file of the Midjourney Image Relay Endpoint...
EUVD-2026-31430
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint. Mattermost Advisory ID:...
PT-2026-42538
LiteLLM prior to 1.83.14 allows an authenticated internal user to create API keys with access to routes that their role does not permit. When generating a key, the allowed routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...
CVE-2026-20223
Cisco Secure Workload is affected by a vulnerability in the access validation of internal REST APIs that could allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. The issue arises from insufficient validation/authentication when accessing REST API endpoi...
PT-2026-42193
Name of the Vulnerable Software and Affected Versions Cisco Secure Workload versions prior to 3.10.8.3 Cisco Secure Workload versions prior to 4.0.3.17 Description Insufficient validation and authentication in the internal REST API endpoints of Cisco Secure Workload allow an unauthenticated remot...
Cisco Secure Workload Access Control Error Vulnerability
Cisco Secure Workload is a software product developed by Cisco Corporation in the United States. It allows users to install software agents on their application workloads. There is an access control vulnerability in Cisco Secure Workload, which stems from insufficient access validation in the...
PT-2026-42364
Vikunja has iCalendar Property Injection via CRLF in CalDAV Task Output in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...
Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, 10.11.13 and earlier 10.11.x series, and 11.4.3 and earlier 11.4.x series have security vulnerabilities. These vulnerabilities stem fr...
Mattermost Plugins Security Vulnerability
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...
MalwarePT: A Binary-Level Foundation Model for Malware Analysis
Automated malware analysis increasingly relies on machine learning, yet most existing methods remain task-specific and depend on handcrafted features or narrowly scoped models. Recent developments in binary-level foundation models suggest a path toward reusable program representations, but their...
Distribution Security Vulnerability
Distribution is an open-source toolset developed by Distribution, used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.1 contained security vulnerabilities. These vulnerabilities stemmed from bypassing the storage.delete.enabled: false...
CVE-2026-8407
Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery codes via crafted requests to PAM API endpoints. This issue affects the following versions : Devolutions Server...
CVE-2026-30805
CVE-2026-30805 affects Pandora FMS versions 777–800 and is described as an insecure default initialization of a resource that allows authentication bypass via API access. The available connected documents provide the vulnerability description but do not include explicit technical details beyond t...
EUVD-2026-29171
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session...
GHSA-P9H5-JM8X-MJM5 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-organizations, zot, cilium-certgen, crossplane-provider-azure-storagesync, minio-object-browser-fips, crossplane-provider-aws-mediapackage, skopeo-fips, crossplane-provider-azure-security, skopeo, crossplane-provider-aws-scheduler,...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...
Exploit for Improper Input Validation in Microsoft
CVE-2026-27960 Overview The OpenCTI platform suffers from...
CVE-2026-20034
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...