32 matches found
CVE-2026-56249 Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision
Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...
CVE-2026-56249
Capgo before 12.128.2 has an authorization bypass in the channel creation endpoint that lets authenticated users overwrite existing channels by reusing names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign c...
CVE-2026-54475 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover
Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...
CVE-2026-41231 Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron
Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...
CVE-2026-3651
The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wpajaxnopriv without proper authentication checks, capability verificatio...
CVE-2025-10910
A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...
EUVD-2018-2775
Malware in sbrugna...
EUVD-2018-3366
Malware in sbrugna...
EUVD-2025-14507
Malicious code in bioql PyPI...
Apache Superset < 4.1.2 Multiple Vulnerabilities
According to its self-reported version, the Apache Superset is prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions...
CVE-2019-15080
An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract which is inherited by MORPH Token allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for...
CVE-2019-13143
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
BIT-SUPERSET-2025-27696 Apache Superset: Incorrect authorization leading to resource ownership takeover
Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...
GHSA-W6C7-J32F-RQ8J Apache Superset Allows Ownership Takeover
Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...
Apache Superset Allows Ownership Takeover
Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...
CVE-2025-27696
Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...
CVE-2025-27696 Apache Superset: Incorrect authorization leading to resource ownership takeover
Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...
CVE-2025-27696
The CVE-2025-27696 entry concerns Apache Superset up to version 4.1.1, where an Incorrect Authorization vulnerability lets authenticated users with read permissions take ownership of dashboards, charts, or datasets. A fix is available in 4.1.2 and later. The public details consistently describe t...
Debian dla-3963 : ansible - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3963 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3963-1 [email protected]...
Medium: pmix
Issue Overview: OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. CVE-2023-41915 Affected Packages: pmix Issue Correction: Run dnf update pmix --releasever 2023.2.20231002 or...