521 matches found
CVE-2026-1471
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...
CVE-2026-1471
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...
Prototype Pollution
expr-eval and expr-eval-fork is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of JavaScript prototype-based inheritance in the eval interface, which allows an attacker with access to manipulate object prototypes and potentially achieve arbitrary code execution...
GHSA-P7GR-F84W-HQG5 OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Summary A sandboxed session could use cross-agent sessionsspawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement. Impact In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime...
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
Summary A sandboxed session could use cross-agent sessionsspawn to create a child under an agent configured with sandbox.mode="off", downgrading runtime confinement. Impact In mixed-agent setups that allow cross-agent spawning, a sandboxed requester could escape into an unsandboxed child runtime...
CVE-2026-27125 Svelte SSR attribute spreading includes inherited properties from prototype chain
svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...
Intel Graphics Software 安全漏洞
Intel Graphics Software is a graphics configuration management tool developed by Intel, a company in the United States. Versions of Intel Graphics Software prior to 25.30.1702.0 contained security vulnerabilities, which were caused by insecure permission inheritance, potentially leading to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002660)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002660 advisory. The XFSISREALTIMEINODE macro in fs/xfs/xfslinux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users...
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2026-1097)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2026-1056)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2026-1035)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mattermost Desktop < 6.0.0 (macOS) (MMSA-2025-00504)
The version of Mattermost Desktop installed on the remote host is prior to 6.0.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00504 advisory: - Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged fo...
poppler security update
21.01.0-23 - Bump release for build inheritance - Resolves: RHEL-131792 21.01.0-22 - Check bitmap in combine - Resolves: RHEL-131795, RHEL-131792...
PT-2026-27736
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s scheduling logic related to SCHED DEADLINE tasks. Specifically, when a SCHED DEADLINE task changes to a lower priority class using sched setscheduler,...
CVE-2025-13326
Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...
CVE-2025-13326 Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store
Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...
CVE-2025-14714 TCC Bypass via Inherited Permissions in Bundled Interpreter
An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2025-2528)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP13 : proftpd (EulerOS-SA-2025-2507)
According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...
GHSA-9X5G-62GJ-WQF2 Directus has Improper Permission Handling on Deleted Fields
Summary Directus does not properly clean up field-level permissions when a field is deleted. If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access. Details When a field is removed from a collection, its...