6 matches found
CVE-2026-14439
CVE-2026-14439 describes a path-traversal in the Git Service shared by Altium Enterprise Server and Altium 365. The vulnerability arises from a post-clone file-manipulation primitive that accepts user-supplied paths without validation, enabling an authenticated user with basic git access to move ...
CVE-2026-14439 Path Traversal in Altium Git Service Allows Remote Code Execution
A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...
CVE-2026-45831
A flaw was found in the SimpleRBACAuthorizationProvider authorization provider in the ChromaDB Python project. This vulnerability allows an authenticated user to perform actions across different tenants, databases, or collections without proper authorization. The provider incorrectly evaluates us...
PT-2026-45062
Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspace id/issues/issue id/activity endpoint is gated by require workspace memberworkspace id and dispatches to ActivityService.list for issueissue id, which executes SELECT FROM activity WHERE issue id = :issue id with no...
CVE-2026-2734
Summary : For mlflow/mlflow up to version 3.9.0, the REST endpoint GET /api/2.0/mlflow/model-versions/search and the GraphQL query mlflowSearchModelVersions lack per-model authorization when basic auth is enabled. This results in any authenticated user being able to enumerate all model versions a...
PT-2026-28472
Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description The application is designed for managing recipes, planning meals, and creating shopping lists. A hidden query parameter, ?debug=true, within the Recipe API endpoint reveals the complete raw S...