219774 matches found
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...
External Control of File Name or Path
Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the processing of search queries involving hasparent or haschild join relations when document-level security is enabled. An attacker can gain unauthorized access to restricted document contents by crafting...
WordPress plugin PDF Poster 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
AlmaLinux 10 : kernel (ALSA-2026:13566)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13566 advisory. kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of service or privilege escalation CVE-2026-23270 kernel: nfsd: fix hea...
MAL-2026-3640 Malicious code in camelotlabs-config (npm)
Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...
PT-2026-41472
Name of the Vulnerable Software and Affected Versions OpenSearch versions prior to 2.19.4 OpenSearch versions prior to 3.2.0 Description A flaw in the OpenSearch Security plugin occurs during the handling of index rollover requests. When a request includes an explicit target index name, the...
PT-2026-38423
Name of the Vulnerable Software and Affected Versions Liderahenk versions 2.0.1 through 2.0.1 Description An Origin Validation Error in the application allows attackers to bypass Access Control Lists ACLs, which are sets of rules that define permissions for users or systems. This flaw enables...
Yarbo 访问控制错误漏洞
Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains an access control vulnerability. This vulnerability stems from the MQTT proxy configuration, which allows anonymous connections without topic-level read/write ACLs. ...
PT-2026-38455
Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.1.1 Ivanti EPMM versions prior to 12.7.0.1 Ivanti EPMM versions prior to 12.8.0.1 Description Improper Access Control allows a remote unauthenticated attacker to invoke arbitrary methods. Recommendations Upda...
Snipe-IT 访问控制错误漏洞
Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT 8.4.0 and earlier contained a access control vulnerability. This vulnerability stemmed from improper permission settings in the app/Http/Controllers/Api/UploadedFilesController.php...
PT-2026-38460
Name of the Vulnerable Software and Affected Versions Yarbo firmware version 2.3.9 Description The embedded MQTT broker is configured to permit anonymous connections and lacks topic-level read or write Access Control Lists ACLs. This allows any host on the same network to subscribe to sensitive...
Microsoft Azure AI Foundry M365 published agents 访问控制错误漏洞
Microsoft Azure AI Foundry M365 Published Agents are a series of enterprise-level intelligent agents provided by the American company Microsoft. There is an access control vulnerability in Microsoft Azure AI Foundry M365 Published Agents. This vulnerability stems from improper access control, whi...
PT-2026-38356
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...
PT-2026-38368
Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The PCF Npcf SMPolicyControl service lacks authentication middleware in the NewServer function, where the smPolicyGroup route group is created without attaching the RouterAuthorizationCheck middlewar...
Optoma CinemaX P2 安全漏洞
The Optoma CinemaX P2 is a super-short focal-length 4K laser home projector from Optoma. The Optoma CinemaX P2 has a security vulnerability, which stems from exposing the HTTP API on TCP port 2345 and allowing unauthorized remote control. This vulnerability could allow any device on the same...
PT-2026-38451
Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.1.1 Ivanti EPMM versions prior to 12.7.0.1 Ivanti EPMM versions prior to 12.8.0.1 Description Improper Access Control allows a remote authenticated attacker to gain administrative access. Recommendations Upda...
PT-2026-38365
Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...
DivvyDrive 安全漏洞
DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive prior to 4.8.3.2 contained security vulnerabilities. These vulnerabilities stemmed from improper control over modifications to object properties and unlimited resource...