3976 matches found

Vulnrichment
added 2026/01/13 7:42 p.m. | 2 views

CVE-2026-22814 Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...

CVSS 8.2 | AI score 7 | EPSS 0.00473
Exploits: 0 | References: 1

Cvelist
added 2026/01/13 7:42 p.m. | 24 views

CVE-2026-22814 Mass Assignment in AdonisJS Lucid Allows Overwriting Internal ORM State

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...

CVSS 8.2 | EPSS 0.00473
Exploits: 0 | References: 1

CVE
added 2026/01/13 7:42 p.m. | 16 views

CVE-2026-22814

CVE-2026-22814 affects @adonisjs/lucid (AdonisJS ORM built on Knex) with a Mass Assignment vulnerability. The flaw allows an attacker who can influence assigned data to overwrite internal ORM state, potentially bypassing logic and enabling unauthorized record modification. Affected versions are L...

CVSS 8.2 | AI score 7 | EPSS 0.00473
Exploits: 0 | References: 1

NVD
added 2026/01/13 6:16 p.m. | 3 views

CVE-2026-20852

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...

CVSS 7.7 | EPSS 0.00482
Exploits: 0 | References: 1

OSV
added 2026/01/13 6:16 p.m. | 7 views

CVE-2026-20852

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...

CVSS 7.7 | AI score 5.7 | EPSS 0.00482
Exploits: 0 | References: 1

NVD
added 2026/01/13 6:16 p.m. | 7 views

CVE-2026-20804

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...

CVSS 7.7 | EPSS 0.00498
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/13 5:56 p.m. | 3 views

CVE-2026-20852

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...

CVSS 7.7 | AI score 5.4 | EPSS 0.00482
Exploits: 0 | References: 2 | Affected Software: 16

ATTACKERKB
added 2026/01/13 5:56 p.m. | 4 views

CVE-2026-20804

Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...

CVSS 7.7 | AI score 5.5 | EPSS 0.00498
Exploits: 0 | References: 2 | Affected Software: 16

OSV
added 2026/01/13 4:15 p.m. | 1 view

UBUNTU-CVE-2025-68784

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair. The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment t...

AI score 5.8 | EPSS 0.00166
Exploits: 0 | References: 12

Cvelist
added 2026/01/13 3:28 p.m. | 20 views

CVE-2025-68784 xfs: fix a UAF problem in xattr repair

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair. The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment t...

EPSS 0.00166
Exploits: 0 | References: 3

OSV
added 2026/01/13 3:28 p.m. | 6 views

CVE-2025-68784 xfs: fix a UAF problem in xattr repair

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair. The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment t...

AI score 6.3 | EPSS 0.00166
Exploits: 0 | References: 6

CVE
added 2026/01/13 3:28 p.m. | 13 views

CVE-2025-68784

CVE-2025-68784 pertains to the Linux kernel (xfs). The issue is a use-after-free in xattr repair where xchk_setup_xattr_buf can allocate a new value buffer, potentially leaving ab->value references dangling. The fix moves the assignment to after the buffer setup, mitigating the dangling refere...

AI score 6 | EPSS 0.00166
Exploits: 0 | References: 3

CNNVD
added 2026/01/13 12:00 a.m. | 5 views

Elastic Kibana Email Connector Security Vulnerability

Elastic Kibana Email Connector is an email service connection component from Elastic Netherlands. A security vulnerability exists in the Elastic Kibana Email Connector that stems from improper input validation, which could lead to over-assignment via specially crafted email address parameters,...

CVSS 6.5 | AI score 5.8 | EPSS 0.0037
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/13 12:00 a.m. | 9 views

PT-2026-2797

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...

CVSS 8.2 | AI score 7.4 | EPSS 0.00473
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/13 12:00 a.m. | 5 views

PT-2026-2698

Name of the Vulnerable Software and Affected Versions: Windows Hello (affected versions not specified). Description: A flaw in Windows Hello’s privilege assignment allows a local attacker to perform tampering on the system. This issue could allow unauthorized access and manipulation of the system...

CVSS 7.7 | AI score 6 | EPSS 0.00482
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/13 12:00 a.m. | 5 views

PT-2026-2657

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A flaw in Windows Hello’s privilege assignment can allow an attacker to perform tampering locally. This issue allows attackers to affect the system. Recommendations: At the moment, there is no...

CVSS 7.7 | AI score 6.3 | EPSS 0.00498
Exploits: 0 | References: 8

NVD
added 2026/01/12 7:16 p.m. | 16 views

CVE-2026-22783

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation...

CVSS 9.6 | EPSS 0.00298
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/12 6:27 p.m. | 3 views

CVE-2026-22783 Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation...

CVSS 9.6 | AI score 6.6 | EPSS 0.00298
Exploits: 0 | References: 2

CVE
added 2026/01/12 6:27 p.m. | 13 views

CVE-2026-22783

CVE-2026-22783 affects the Iris DFIR-IRIS datastore file management system prior to version 2.4.24. A vulnerability arises from mass assignment of the field file_local_name combined with trusting the path in the delete operation, enabling authenticated users to delete arbitrary filesystem paths....

CVSS 9.6 | AI score 6.6 | EPSS 0.00298
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/01/12 6:27 p.m. | 19 views

CVE-2026-22783 Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation...

CVSS 9.6 | EPSS 0.00298
Exploits: 0 | References: 2