7 matches found

Github Security Blog
added 2026/05/21 8:34 p.m., 17 views

NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation

Summary: The OAuth token strategy attached oauthscope and oauthgrantedresources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope (e.g. MCP-only) therefore inherited the full permissions of the underlying user across all routes; the...

AI score: 5.8 | EPSS: 0.00021
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/10/07 3:19 p.m., 14 views

CVE-2022-50516

The CVE-2022-50516 issue in the Linux kernel’s fs: dlm was fixed by a patch that ensures sb_lvbptr is not dereferenced when DLM_LKF_VALBLK is involved, avoiding a potential NULL/dangling pointer dereference in memcpy paths. The fix copies lvbptr arrays only when DLM_LKF_VALBLK is set (not merely ...

CVSS: 5.5 | AI score: 5.9 | EPSS: 0.00152
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2025/10/07 3:19 p.m., 4 views

EUVD-2025-32826

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr I experience issues when putting a lkbsb on the stack and have sb_lvbptr field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash with the following kernel message, the...

AI score: 5.8 | EPSS: 0.00152
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-21047

Malicious code in bioql PyPI...

CVSS: 8.7 | AI score: 6.3 | EPSS: 0.00447
Exploits: 0 | References: 3

RedHat Linux
added 2023/05/16 8:56 a.m., 3 views

kernel: fs: dlm: fix invalid derefence of sb_lvbptr

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr I experience issues when putting a lkbsb on the stack and have sb_lvbptr field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash with the following kernel message, the...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00152
Exploits: 0 | References: 5

OSV
added 2018/09/13 6:29 p.m., 3 views

CVE-2018-17012

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hostsinfo setblockflag uplimit...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.0104
Exploits: 1 | References: 1

CNVD
added 2018/07/27 12:0 a.m., 2 views

Linux kernel memory misreference vulnerability (CNVD-2018-24384)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory misreference vulnerability exists in the 'try_merge_free_space' function in the Linux kernel, which stems from a failure of btrfs_check_chunk_valid in the...

CVSS: 7.1 | AI score: 6 | EPSS: 0.02518
Exploits: 1 | References: 1