200007 matches found
CVE-2026-8635 Arbitrary Code Execution in Python Interpreter Component
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions...
CVE-2026-8635
Security bulletin confirms CVE-2026-8635 affects Langflow OSS versions 1.0.0–1.10.0 where an authenticated user can exploit the Python Interpreter component to execute arbitrary code, bypass controls, and escalate to superuser by manipulating the database, potentially compromising the Langflow se...
CVE-2026-9135 Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...
AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...
GHSA-MHWW-P97M-3368 AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance
Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...
CVE-2026-48008
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...
CVE-2025-59866
The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary...
CVE-2026-48014
Summary: CVE-2026-48014 affects Shopware open commerce platforms prior to 6.6.10.18 and 6.7.10.1, where Admin API order state transition routes (/api/_action/order/{orderId}/state/{transition} and related endpoints) could bypass ACL checks. The routes did not declare PlatformRequest::ATTRIBUTE_AC...
CVE-2026-48010 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEMSCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission...
CVE-2026-48010
Summary: CVE-2026-48010 affects Shopware core prior to versions 6.6.10.18 and 6.7.10.1. The vulnerability arises when UserController::upsertUser() writes raw request data in SYSTEM_SCOPE without filtering the admin field, allowing a non-admin API user with user:create or user:update ACL to set ad...
CVE-2026-48008 Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...
CVE-2026-48008
Shopware vulnerability CVE-2026-48008 describes privilege escalation via the Sync API. A non-admin API user with integration:create can set admin: true when creating an integration through POST /api/_action/sync, bypassing the normal admin-check that blocks admin flag on POST /api/integration. Th...
CVE-2026-48008 Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...
EUVD-2026-45237
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...
EUVD-2025-210480
The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary...
CVE-2025-59866
The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary...
CVE-2025-59866
The CVE concerns HCL DFMPro, DFXAnalytics, and DFXServer installers suffering from Insecure file permissions that allow a logged-in non-administrative user to overwrite or replace the executable with a malicious binary. The underlying cause is unrestricted or insecure permissions on the installer...
CVE-2026-16106
A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...
kernel: rtmutex: Use waiter::task instead of current in remove_waiter()
A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...
The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.
The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...