CVE-2026-42202

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

CVE-2026-42202 nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

CVE-2026-42202

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

CVE-2026-42202 nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

CVE-2026-42202

In detail, CVE-2026-42202 affects the laravel package almirhodzic/nova-toggle-5 (Nova toggle feature). Before 1.3.0, the toggle endpoint POST /nova-vendor/nova-toggle/toggle/{resource}/{resourceId} was protected only by web + auth:, allowing any authenticated user on the configured guard—even non...

CVE-2026-43423

Concrete details show a Linux kernel issue in the usb gadget f_ncm driver: the ncm_set_alt function held a mutex to guard configfs races and invoked may_sleep in an atomic context, enabling a potential sleep path. The fix removes a struct net_device pointer from f_ncm_opts and introduces a new bo...

CVE-2026-43423

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix atomic context locking issue The ncmsetalt function was holding a mutex to protect against races with configfs, which invokes the might-sleep function inside an atomic context. Remove the struct netdevice...

CVE-2026-43423

...

Laravel Nova 5 Toggle Field 授权问题漏洞

Laravel Nova 5 Toggle Field is a tool developed by Almir Hodzic for quickly toggling boolean values in Laravel Nova 5. Versions of Laravel Nova 5 Toggle Field prior to 1.3.0 had an authorization vulnerability. This vulnerability stemmed from the fact that the endpoint was only protected by web an...

PT-2026-39084

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the usb gadget f ncm component where the ncm set alt function holds a mutex to prevent races with configfs. This action invokes a sleeping function within an atomic...

YARA-X 1.16.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

NPM: Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

NPM: Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

GHSA-XX6V-RP6X-Q39C Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

Vulnerability Disclosure: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion Summary The Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. Whe...

CVE-2025-63548

An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field...

SQLInjection

Projekt Edukacyjny: Podatności SQL Injection Niniejsze repozy...

CVE-2025-63548

The CVE-2025-63548 entry concerns Eprosima Micro-XREC-DDS Agent v3.0.1. The issue allows a remote attacker to cause a denial of service by sending a packet with a non-valid value in any Boolean field. The NVD metrics indicate a Network attack vector, low complexity, no privileges, and an Availabi...

Micro XRCE-DDS Agent 安全漏洞

Micro XRCE-DDS Agent is an eProsima open source proxy bridging tool for resource constrained devices to communicate with the DDS world. A security vulnerability exists in Micro XRCE-DDS Agent version 3.0.1 that stems from improper handling of non-valid values in Boolean fields, which could lead t...

CVE-2025-63548

An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field...

CVE-2025-63548

An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field...

CVE-2025-63548

An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field...