28 matches found
EUVD-2026-36170
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
PT-2026-42049
Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.38.2. Description: The public API role unassignment endpoint "/api/public/v1/roles/unassign" updates user documents in CouchDB but fails to invalidate the corresponding Redis user cache entries. Because the...
CVE-2026-41133
The CVE concerns pyLoad (Python download manager). Affected: versions up to 0.5.0b3.dev97. Root cause: the session cache stores user role/permissions at login and continues to authorize requests using these cached values even after an admin changes the user’s role/permissions in the database. Thi...
EUVD-2026-24035
OpenBao's SQL Injection in PostgreSQL database secrets engine...
GHSA-6VGR-CP5C-FFX3 OpenBao's SQL Injection in PostgreSQL database secrets engine
Impact When OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation failures, or more rarely, SQL injection as the management user. This vulnerability w...
CVE-2026-39946
OpenBao (open source identity-based secrets manager) before version 2.5.3 is affected. When revoking privileges on a role within the PostgreSQL database secrets engine, OpenBao could fail to properly quote schema names provided by PostgreSQL, potentially leading to role revocation failures and, m...
CVE-2026-39946 OpenBao allows SQL Injection in PostgreSQL database secrets engine
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...
GHSA-66HX-CHF7-3332 pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)
Summary pyLoad caches role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old revoked privileges until logout/session...
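The pyLoad entry above and the Budibase entry earlier on the page are two faces of one bug class: a privilege decision made from a copy of the role rather than from the authoritative record. pyLoad's copy lives in the session from login onward; Budibase's lives in a Redis cache that the role-unassignment write path never evicts. The following is an added example, not code from either project; `RoleDB`, `RoleCache`, the authorizers, the usernames and the role names are constructed stand-ins. It reproduces both failure modes and the combination that closes them (session holds identity only, every role write evicts the cache entry).

```python
"""Stale privilege caches: session snapshot, un-evicted cache, and the fix.

Added example, not pyLoad's or Budibase's code. All classes and names are
constructed stand-ins: RoleDB plays the authoritative database, RoleCache
plays a read-through cache such as Redis in front of it.
"""


class RoleDB:
    """Authoritative role store (stand-in for the database in the advisories)."""

    def __init__(self, roles):
        self._roles = dict(roles)

    def write_role(self, user, role):
        self._roles[user] = role

    def read_role(self, user):
        return self._roles.get(user, "anonymous")


class RoleCache:
    """Read-through cache in front of RoleDB (stand-in for a Redis user cache)."""

    def __init__(self, db):
        self._db = db
        self._entries = {}

    def get_role(self, user):
        if user not in self._entries:
            self._entries[user] = self._db.read_role(user)
        return self._entries[user]

    def evict(self, user):
        self._entries.pop(user, None)


def unassign_role_unsafe(db, cache, user):
    """Budibase-style defect: database updated, cache entry left stale."""
    db.write_role(user, "anonymous")


def unassign_role_safe(db, cache, user):
    """Database updated and cache entry evicted in the same operation."""
    db.write_role(user, "anonymous")
    cache.evict(user)


class SnapshotSessionAuthorizer:
    """pyLoad-style defect: role copied into the session at login, never re-read."""

    def __init__(self, cache):
        self._cache = cache
        self.sessions = {}

    def login(self, sid, user):
        self.sessions[sid] = {"user": user, "role": self._cache.get_role(user)}

    def is_admin(self, sid):
        return self.sessions[sid]["role"] == "admin"


class PerRequestAuthorizer:
    """Session stores identity only; the role is resolved on every check."""

    def __init__(self, cache):
        self._cache = cache
        self.sessions = {}

    def login(self, sid, user):
        self.sessions[sid] = {"user": user}

    def is_admin(self, sid):
        return self._cache.get_role(self.sessions[sid]["user"]) == "admin"


def run_scenario(authorizer_cls, unassign):
    """Log alice in as admin, revoke her role, report whether she is still admin."""
    db = RoleDB({"alice": "admin"})
    cache = RoleCache(db)
    auth = authorizer_cls(cache)
    auth.login("sid-1", "alice")
    if not auth.is_admin("sid-1"):
        raise RuntimeError("precondition failed: alice should start as admin")
    unassign(db, cache, "alice")
    return auth.is_admin("sid-1")


def demo():
    """True means the revoked privilege survived the revocation."""
    return {
        "session_snapshot": run_scenario(SnapshotSessionAuthorizer, unassign_role_safe),
        "stale_cache": run_scenario(PerRequestAuthorizer, unassign_role_unsafe),
        "both_fixed": run_scenario(PerRequestAuthorizer, unassign_role_safe),
    }


if __name__ == "__main__":
    for name, still_admin in demo().items():
        print(f"{name}: still admin after revoke = {still_admin}")
```

The two defects are independent: fixing the cache eviction alone leaves the session snapshot live, and resolving the role per request alone still reads the stale cache. Only the third scenario, with both in place, returns False.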
EUVD-2007-4400
Malware in sbrugna...
HCL Technologies HCL Launch security vulnerability
HCL Technologies HCL Launch is versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from the...
SUSE CVE-2006-4031
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy...
CVE-2021-36775
CVE-2021-36775 is an Improper Access Control issue in SUSE Rancher. The vulnerability allows users to retain privileges that should have been revoked. Affected Rancher versions are prior to 2.4.18, prior to 2.5.12, and prior to 2.6.3. Patched releases are 2.4.18, 2.5.12, 2.6.3 and later. This adv...
Fedora 31 : opensmtpd (2020-283dc7f094)
Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...
Fedora 30 : opensmtpd (2020-31216ab928)
Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...
Unspecified vulnerability in Cloudera CDH (CNVD-2020-14226)
Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. A security vulnerability exists in Cloudera CDH versions prior to 5.7.1 that stems from the inabilit...
CVE-2016-4572
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...
Command injection
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...
Unauthorized access vulnerability in Xiaomi Mi Home Smart Platform
Xiaomi Mijia Intelligent Platform is Xiaomi's open IoT platform, which interconnects consumer smart hardware such as smart home devices, smart home appliances, smart wearables and smart travel devices. Xiaomi Mijia intellige...
IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability
The host is running IBM DB2 and is prone to a security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2dbadmsecbypassvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability Authors: Antu Sanadi Copyright: Copyright (c) 2011 Greenbone...