28836 matches found
CVE-2026-42467
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadBinaryDataTransferDM16 causing a denial of service via crafted CAN frame on the J1939 bus...
OpenStack Keystone 安全漏洞
OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Security vulnerabilities exist in OpenStack Keystone versions 13 to 29. These vulnerabilities stem from the lack of verification of the projectid provided by the caller in the POST /v3/credentials...
CVE-2026-43001
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...
EUVD-2026-26695
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadBinaryDataTransferDM16 causing a denial of service via crafted CAN frame on the J1939 bus...
CVE-2026-43001
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...
CVE-2026-43001
An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...
PT-2026-36306
Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 13 through 29 Description An issue exists where the 'POST /v3/credentials' endpoint fails to validate that the project id provided by the caller for an EC2-type credential matches the project of the authenticating...
EUVD-2026-26488
An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...
CVE-2026-43001
CVE-2026-43001 affects OpenStack Keystone (versions 13–29) where POST /v3/credentials does not validate that the caller-supplied project_id for an EC2-type credential matches the authenticating application credential’s project. An attacker with an unrestricted app_cred for project A can create an...
CVE-2026-7508
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...
CVE-2026-7508 Bootstrap CMS Page Creation show.blade.php code injection
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...
EUVD-2026-26456
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...
CVE-2026-7508
Bootstrap CMS 0.9.0-alpha is affected by a code-injection vulnerability in the Page Creation Handler, specifically via the file resources/views/pages/show.blade.php where manipulating the body argument triggers injection. Remote exploitation is possible and an exploit has been published. The proj...
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2026-40904
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
CVE-2026-40600
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...
CVE-2026-40603 Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team override
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
EUVD-2026-26410
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2026-40603
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...
CVE-2026-40600 Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...