130 matches found
CVE-2026-39857
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...
CVE-2026-33888
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...
CVE-2026-39857
CVE-2026-39857 – ApostropheCMS (Node.js) : Versions 4.28.0 and earlier contain an authorization bypass in the REST API (choices and counts query parameters) where MongoDB distinct() is used in a way that ignores publicApiProjection restrictions. This allows an unauthenticated attacker to retrieve...
CVE-2026-39857 Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...
CVE-2026-39857 Information Disclosure via `choices`/`counts` Query Parameters Bypassing publicApiProjection Field Restrictions
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct operations that bypass the publicApiProjection...
CVE-2026-33888 ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...
CVE-2026-33888 ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...
PT-2026-33170
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying...
PT-2026-33173
Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description An authorization bypass exists in the REST API of this open-source Node.js content management system. Unauthenticated attackers can extract all distinct field values for any schema field type...
We Are At War
Rising geopolitical tensions are reflected or in some cases preceded by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it. Introduction: One tech power to rule them all is a thing of the past The relative safety, peace and prosperity that...
[SECURITY] Fedora 43 Update: qgis-3.44.8-1.fc43
Geographic Information System GIS manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...
CVE-2020-37064
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMPNSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\EPSON Projector\EasyMP Network Projection V2\ to inject...
CVE-2020-37064 EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMPNSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\EPSON Projector\EasyMP Network Projection V2\ to inject...
CVE-2020-37064
CVE-2020-37064 affects EPSON EasyMP Network Projection 2.81. The unquoted service path vulnerability resides in the EMP_NSWLSV service and allows local users to potentially execute arbitrary code by injecting through C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2, executing w...
EUVD-2020-30965
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMPNSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files x86\EPSON Projector\EasyMP Network Projection V2\ to inject...
PT-2026-5583
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:Program Files x86EPSON ProjectorEasyMP Network Projection V2 to inject malicio...
EPSON EasyMP Network Projection 代码问题漏洞
EPSON EasyMP Network Projection is a network projection management software developed by the Japanese company EPSON. Version 2.81 of EPSON EasyMP Network Projection contains a code vulnerability. This vulnerability stems from a path in the EMPNSWLSV service that lacks quotation marks, which may...
FOCA: Multimodal Malware Classification Via Hyperbolic Cross-Attention
In this work, we introduce FOCA, a novel multimodal framework for malware classification that jointly leverages audio and visual modalities. Unlike conventional Euclidean-based fusion methods, FOCA is the first to exploit the intrinsic hierarchical relationships between audio and visual...
One Leak Away: How Pretrained Model Exposure Amplifies Jailbreak Risks in Finetuned LLMs
Finetuning pretrained large language models LLMs has become the standard paradigm for developing downstream applications. However, its security implications remain unclear, particularly regarding whether finetuned LLMs inherit jailbreak vulnerabilities from their pretrained sources. We investigat...
EUVD-2023-48466
Malicious code in bioql PyPI...