1437 matches found
CVE-2026-58494
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...
Incorrect Authorization
Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Incorrect Authorization via the /api/settings/database endpoint, which allows exporting the entire database including plaintext API keys, OAuth tokens, and sensitive settings, a...
CVE-2024-1248
The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...
CVE-2024-1248
The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...
CVE-2024-1248
The CVE-2024-1248 entry describes a vulnerability in federated authentication that uses silent JIT provisioning. When a federated user shares a username with a local user, the provisioning process can overwrite the local user’s existing roles with roles from the federated IDP, effectively enablin...
CVE-2024-1248 Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation
The silent Just-In-Time JIT provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wi...
EUVD-2026-40352
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...
EUVD-2026-38673
The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and localized to any...
CVE-2026-54313
n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...
CVE-2026-56422
Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...
CVE-2026-11853
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...
bit7z 后置链接漏洞
bit7z is a file compression/uncompression tool developed by Riccardo as an individual project. Versions of bit7z prior to 4.0.12 had a post-installation link vulnerability. This vulnerability stemmed from the use of symbolic links during archive updates, allowing for arbitrary file overwriting...
Directory Traversal
Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Directory Traversal in the process that handles SQLite source filenames. An attacker can gain unauthorized access to or modify internal application data by supplying a crafted filename that points to arbitrary files...
CVE-2026-31942
LibreChat (up to version 0.7.6) is affected by an Insecure Direct Object Reference (IDOR) in the API keys management endpoint (PUT /api/keys). After setting the authenticated user’s ID, an attacker can inject a userId parameter in the request body to overwrite other users’ API keys (e.g., OpenAI,...
CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26...
Linux Kernel - Local Privilege Escalation
Titles: Linux Kernel Local Privilege Escalation CVE-2026-43284 / CVE-2026-43500 / CVE-2026-46300 Author: nu11secur1ty Date: 2026-05-11 Vendor: Linux Kernel Software: Linux Kernel All major distributions Vulnerability Type: Page-Cache Write / Memory Corruption Status: HIGH / CRITICAL --- Descripti...
CVE-2026-42081 free5GC: UE Security Capability bypass on NGAP PathSwitchRequest
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the...
pip 安全漏洞
pip is a Python package installer developed by the Python Packaging Authority. There is a security vulnerability in pip, which arises from the use of a specially crafted entry point name during the installation of malicious Python wheels. This can lead to arbitrary file overwriting...
GHSA-JPJH-JM2P-39HH Arcane: Missing admin authorization on global variables endpoint
Summary The PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their bearer token...
Linux Distros Unpatched Vulnerability : CVE-2020-37239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in...