SUSE CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

MGASA-2026-0136 Updated perl-Net-CIDR-Lite packages fix security vulnerabilities

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. CVE-2026-45190 Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL...

CVE-2025-69443

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys...

EUVD-2026-30278

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There were security vulnerabilities in versions of GitLab EE from 11.10...

etcd 安全漏洞

Etcd is an open-source key-value storage system for distributed systems, written in the Go language. There are security vulnerabilities in versions of etcd prior to 3.4.44, 3.5.30, and 3.6.11. These vulnerabilities stem from transactions that bypass RBAC authorization checks through PrevKv or Put...

Northern.tech CFEngine Enterprise 安全漏洞

Northern.tech CFEngine Enterprise is a multi-functional solution developed by Northern.tech, designed for automatically performing daily tasks. Versions prior to 3.21.8, 3.24.3, and 3.27.0 of Northern.tech CFEngine Enterprise contain security vulnerabilities due to incorrect access control...

PT-2026-41183

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An internal-only bypass filter parameter is exposed on the '/openai/chat/completions' and '/ollama/api/chat' HTTP endpoints due to FastAPI query string binding. This allows any authenticated user...

PT-2026-41210

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the assistant create and update processes. The application uses Object.assign to copy the request body into the Assistant entity without an explicit field allowlist,...

CVE-2026-24711

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

CVE-2026-24711

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

PT-2026-41175

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.5.7 Description An issue exists where a user can modify another user's model regardless of whether its visibility is set to Private. By altering access permissions during the editing process, unauthorized access...

PT-2026-40871

Name of the Vulnerable Software and Affected Versions GitLab EE versions 11.10 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description Improper access control allows an authenticated user with developer-role permissions to remove code owner...

CVE-2026-24711

Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control...

CVE-2026-24711

CVE-2026-24711 affects Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 with Incorrect Access Control. The NVD entry lists a CVSS v3.1 base score of 5.3 (Network, Low Confidentiality impact, No Integrity/Availability impact; privileges required: None; user interaction: None; sc...

PT-2026-41188

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description In standard channels, the pin and unpin operation incorrectly verifies only read permissions instead of write permissions. This allows users with read-only access to modify the is pinned, pinned b...

CVE-2025-69443

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys...

Archon 安全漏洞

Archon is a content management system CMS specifically designed for archival information management. Version 0.1.0 of Archon contains a security vulnerability. This vulnerability stems from a specially crafted HTML page, which may allow victims to execute commands when accessing the system, run...

Yordam Library Automation System 安全漏洞

Yordam Library Automation System is an application developed by Yordam Corporation. Versions of the Yordam Library Automation System from v.19.5 to v.22.1 contained security vulnerabilities. These vulnerabilities were caused by incorrect authorization settings, which could lead to exploitation of...

PT-2026-41115

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description An inappropriate implementation in Chromoting allows a local attacker to bypass discretionary access control, which is a type of security mechanism that restricts access to objects bas...