17 matches found
CVE-2026-40214
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The projectid column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential the authorizewsgi...
CVE-2026-49190
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...
PT-2026-46794
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...
Google Go Security Vulnerability
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from keys that accept the ConfirmBeforeUse constraint but never enforce it, resulting in...
Windows BitLocker Security Feature Bypass Vulnerability
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
EUVD-2020-27542
Malware in sbrugna...
EUVD-2024-2580
Malicious code in bioql PyPI...
CVE-2025-27538
Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...
BIT-MATTERMOST-2025-25068
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...
GHSA-72QV-J8VR-XVFV Mattermost Fails to Enforce MFA on Plugin Endpoints
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to enforce MFA on plugin endpoints, which allows authenticated attackers to bypass MFA protections via API requests to plugin-specific routes...
SUSE CVE-2021-21131
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page...
Hashicorp Terraform Authorization Issue Vulnerability
Hashicorp Terraform is an open source tool for provisioning and managing cloud infrastructure from HashiCorp, USA. A security vulnerability exists in HashiCorp Terraform that stems from a failure to enforce an organization-level setting that requires users within an organization to enab...
chromium-browser: Insufficient policy enforcement in CSP
Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2020-1229
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'...
Google Chrome suffers from an unspecified vulnerability (CNVD-2020-38209)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an unspecified vulnerability that stems from insufficient policy enforcement. The vulnerability can be exploited by an attacker to bypass security restrictions with the help of specially crafted HTML pages...
OrientDB Arbitrary Command Execution Vulnerability
OrientDB is an open source NoSQL database management system from the British company Orient. The system supports ACID transactions, fast indexes, SQL queries and other features. A security vulnerability exists in OrientDB 2.22 and previous versions; the vulnerability stems from the program fails t...
CVE-2000-0334
CVE-2000-0334 affects the Allaire Spectra container editor preview tool. The issue arises from improper enforcement of object security, permitting an attacker to perform unauthorized activities through an object-method added to the container object via a publishing rule. The documented impact is ...