Open WebUI security vulnerability
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted, open-source WebUI. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities, stemming from the router not calling filterallowedaccessgrants during path creation or updates...
EUVD-2026-25417
CodeChecker has an authentication bypass for certain API calls...
CVE-2026-25660 Authentication bypass for certain API calls
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. An authentication bypass occurs when the request URL ends with `Authentication` for certain function calls. The bypass allows assigning arbitrary permissions to any user existing in...
CVE-2026-25660
CVE-2026-25660 affects CodeChecker (analyzer tooling, defect DB, and viewer extension for Clang Static Analyzer and Clang-Tidy) up to version 6.27.3. The issue is an authentication bypass triggered when the URL ends with certain function calls, allowing assignment of arbitrary permissions to any ...
CodeChecker security vulnerability
CodeChecker is an open-source static analysis tool developed by Ericsson, built on the Clang Static Analyzer and Clang-Tidy. It also provides a defect database and viewer extensions. Versions of CodeChecker prior to 6.27.3 contained security vulnerabilities. These vulnerabilities stemmed from...
CVE-2026-33649
CVE-2026-33649 affects WWBN AVideo (versions up to 26.0). The vulnerability is in the GET-based endpoint plugin/Permissions/setPermission.json.php, which lacks CSRF protection and relies on session.cookie_samesite=None. This enables an unauthenticated attacker to craft a page containing tags tha...
Security update for python-wheel
This update for python-wheel fixes the following issues: CVE-2026-24049: Fixed absent path sanitization that can cause arbitrary file permission modification (bsc#1257100). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
Security update for python313-wheel
This update for python313-wheel fixes the following issues: CVE-2026-24049: Fixed absent path sanitization that can cause arbitrary file permission modification (bsc#1257100). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
CVE-2026-24131 pnpm has Path Traversal via arbitrary file permission modification
pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating that the result stays within the package root. A malicious npm package can specify `"directories": { "bin": "../../../../tmp" }` to escape the package directory,...
GHSA-8RRH-RW8J-W5FX Wheel Affected by Arbitrary File Permission Modification via Path Traversal in wheel unpack
Summary
- Vulnerability Type: Path Traversal (CWE-22) leading to Arbitrary File Permission Modification.
- Root Cause Component: wheel.cli.unpack.unpack function.
- Affected Packages: 1. wheel (upstream source); 2. setuptools (downstream, vendors wheel).
- Severity: High. Allows modifying system file...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the unpack function. An attacker can modify permissions of arbitrary files by supplying a malicious archive that, when unpacked, executes chmod on sensitive files outside the intended extraction directory. Detail...
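The pnpm and wheel entries above share one missing check: a path built from attacker-controlled input (a `directories.bin` value, a zip entry name) is joined onto a trusted root without verifying that the result still lies under that root. The following is an added Python example, not code from wheel, setuptools or pnpm. It models the wheel-style failure as an assumption about the mechanism: `zipfile.extractall()` sanitizes the path it writes to, but a follow-up `os.chmod()` that joins the raw entry name does not, so a `../` entry re-modes a file outside the extraction directory. The archive, file names and modes are constructed for the demo; `is_within` is the same containment check that would reject a `directories.bin` of `../../../../tmp` against a package root.

```python
import io
import os
import stat
import tempfile
import zipfile


def is_within(root: str, candidate: str) -> bool:
    """True if root/candidate, after resolving '..' and symlinks, stays under root.

    Works for archive entry names and for manifest fields such as pnpm's directories.bin.
    """
    root_real = os.path.realpath(root)
    cand_real = os.path.realpath(os.path.join(root, candidate))
    return os.path.commonpath([root_real, cand_real]) == root_real


def build_archive(entries):
    """Constructed in-memory zip; entries is a list of (name, data, unix mode)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data, mode in entries:
            zi = zipfile.ZipInfo(name)
            zi.external_attr = (mode & 0xFFFF) << 16  # unix mode lives in the high 16 bits
            zf.writestr(zi, data)
    return buf.getvalue()


def unpack_vulnerable(archive: bytes, dest: str):
    """Flawed pattern (assumed, not wheel's code): extractall() strips '..' from the
    write path, but chmod() is applied to os.path.join(dest, raw_name), which is
    not sanitized. Returns the paths that were chmod'ed."""
    touched = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        zf.extractall(dest)
        for zi in zf.infolist():
            mode = (zi.external_attr >> 16) & 0o777
            target = os.path.join(dest, zi.filename)
            if mode and os.path.exists(target):
                os.chmod(target, mode)
                touched.append(target)
    return touched


def unpack_hardened(archive: bytes, dest: str):
    """Same flow, but every entry name is containment-checked before anything is
    written or chmod'ed; a single escaping entry rejects the whole archive."""
    touched = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for zi in zf.infolist():
            if not is_within(dest, zi.filename):
                raise ValueError(f"archive entry escapes destination: {zi.filename!r}")
        zf.extractall(dest)
        for zi in zf.infolist():
            mode = (zi.external_attr >> 16) & 0o777
            target = os.path.join(dest, zi.filename)
            if mode:
                os.chmod(target, mode)
                touched.append(target)
    return touched


def demo():
    """Run both unpackers against a constructed archive in a scratch directory.

    Returns (victim mode after vulnerable unpack, hardened unpack rejected?,
    victim mode after hardened unpack attempt).
    """
    archive = build_archive([
        ("pkg/__init__.py", b"", 0o644),
        ("../victim", b"", 0o777),  # traversal entry carrying a permissive mode
    ])
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "dest")
        victim = os.path.join(tmp, "victim")  # sits outside dest, like a system file
        os.mkdir(dest)
        with open(victim, "w") as f:
            f.write("sensitive\n")
        os.chmod(victim, 0o600)

        unpack_vulnerable(archive, dest)
        victim_mode = stat.S_IMODE(os.stat(victim).st_mode)

        os.chmod(victim, 0o600)
        try:
            unpack_hardened(archive, dest)
            rejected = False
        except ValueError:
            rejected = True
        victim_mode_after_hardened = stat.S_IMODE(os.stat(victim).st_mode)
    return victim_mode, rejected, victim_mode_after_hardened


if __name__ == "__main__":
    print(demo())
```

The check uses `os.path.realpath` on both sides so that symlinks inside the destination cannot be used to redirect the containment test, and it rejects the whole archive before extraction rather than skipping the offending entry, which keeps a partially written tree from being left behind.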
CVE-2023-50423
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
EUVD-2023-3253
Malicious code in bioql PyPI...
Privilege Escalation
sap/xssec is vulnerable to Privilege Escalation. The vulnerability is due to a flaw where the library can incorrectly accept or elevate a security context from untrusted input, and an unauthenticated attacker can exploit this by sending specially crafted requests or tokens to obtain arbitrary...
CVE-2023-38290
Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',...
Cupsd Listen arbitrary chmod 0140777
...
Python Library Certifi < 2024.07.04 Untrusted Root Certificate
The detected version of the certifi Python package is prior to 2024.07.04 and therefore still contains untrusted root certificates from GLOBALTRUST. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested...