21690 matches found
SUSE CVE-2026-46316
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each entry with vgicputirq. It puts...
EUVD-2026-35879
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary userid because the getitemspermissionscheck meth...
CVE-2026-53675
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary userid because the getitemspermissionscheck meth...
Fission 访问控制错误漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a access control vulnerability. This vulnerability stemmed from the lack of namespace validation using the access webhook in the Fission Function specification for...
PT-2026-48476
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...
PT-2026-48505
Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Fission serverless framework where the admission webhook fails to validate the namespace for the PackageRef.Namespace reference type. While Secret and ConfigMap reference type...
CVE-2026-53675 BuddyPress 14.4.0 Friends List IDOR via REST API
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary userid because the getitemspermissionscheck meth...
CVE-2026-53675
CVE-2026-53675 concerns BuddyPress 14.4.0, where an insecure direct object reference in the friends REST API allows any authenticated user to enumerate another user’s complete friend list. The get_items_permissions_check method only verifies that the requester is logged in, not ownership of the r...
CVE-2026-53673 BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...
CVE-2026-53673
CVE-2026-53673 affects BuddyPress 14.4.0. The issue is an insecure direct object reference in the messages REST API where a user_id parameter can be supplied to read, reply to, or delete private messages. Attackers can pass another user’s identifier to get_item_permissions_check (which validates ...
CVE-2026-53673 BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter
BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...
CVE-2026-9740
Affected software: MongoDB Server. Vulnerability: BSON validation logic allows unauthenticated users to crash mongod via a specially crafted message. The BSON validator’s handling of certain nested binary data structures enables uncontrolled mutual recursion, where each re-entry resets internal d...
CVE-2026-9752 GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation
An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...
MINI-HW4Q-X796-CGCW
Bulletin has no description...
MINI-P44H-M6MG-8V55
Bulletin has no description...
MINI-38MJ-VJGF-HV7V
Bulletin has no description...
MINI-QMHM-WR6R-XQM6
Bulletin has no description...
MINI-CG54-54R7-6RRR
Bulletin has no description...
MINI-6Q68-78H5-W6RJ
Bulletin has no description...
MINI-58G8-FW7J-VCRQ
Bulletin has no description...