20368 matches found
PT-2026-39303
Name of the Vulnerable Software and Affected Versions view component versions 3.0.0 through 4.8.9 Description The system test entrypoint canonicalizes a user-controlled file path using File.realpath and verifies if the resolved path starts with the temporary directory path. This containment check...
PT-2026-39274
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The validate collection access function employs an incomplete allowlist that only verifies ownership for collections starting with user-memory- and file-. Other collection names, such as the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of KCOV detection after the x86 kexec operation, resulting in an invalid GS base...
Roadiz Document base system 数据伪造问题漏洞
The Roadiz Document Base System is an open-source HTML template rendering system based on documents developed by Roadiz. Versions prior to 2.3.43, 2.5.45, 2.6.31, and 2.7.18 of the Roadiz Document Base System had data manipulation vulnerabilities. These vulnerabilities stemmed from the use of OID...
CVE-2026-6736 Authentication bypass vulnerability in GitHub Enterprise Server allowed creation of local user accounts bypassing the configured external identity provider
An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity provider. When external authentication was enabled, the signup endpoint did not properly enforce th...
DEBIAN-CVE-2026-42501
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...
CVE-2026-42501
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...
UBUNTU-CVE-2026-42501
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...
CVE-2026-42501
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...
CVE-2026-42501
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...
CVE-2026-42501
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...
CVE-2025-31970
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...
Chromium: CVE-2026-7910 Use after free in Views
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.23 LTS and 13.1.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Spring Cloud Config Server Susceptible To TOCTOU Attack
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
GHSA-86WQ-234Q-R6WG Spring Cloud Config Server Susceptible To TOCTOU Attack
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
CVE-2026-41002
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
CVE-2026-41641 NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords e.g., pgreadfile, LOADFILE, dblink is applied on the collections:create and...
CVE-2026-41641
CVE-2026-41641 (NocoBase plugin-collection-sql) affects versions prior to 2.0.39. The root cause is that the checkSQL() validation, which blocks dangerous SQL keywords and enforces SELECT/WITH SELECT constraints, is applied on collections:create and sqlCollection:execute but is not invoked during...
CVE-2026-41640
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using...