263 matches found
Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-4636
A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...
CVE-2026-5031
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
EUVD-2026-16973
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
CVE-2026-5031
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
CVE-2026-5031
A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely...
CVE-2026-31873
Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...
sbt 操作系统命令注入漏洞
SBT is an open-source build tool for Scala, Java, and other languages. Prior to SBT 1.12.7, there was a vulnerability related to operating system command injection. This vulnerability stemmed from unvalidated user-controlled URI fragments, which could allow arbitrary commands to be executed on...
AWS VDP: Encryption context keys and values logged at INFO level
Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...
Sylius 安全漏洞
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius, which stems from unvalidated resource IDs in multiple stores using LiveComponents. This vulnerability may lead to insecure direct objec...
CVE-2026-3693
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...
EUVD-2026-10201
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...
CVE-2026-3693
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...
CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection
A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...
PT-2026-23894
Name of the Vulnerable Software and Affected Versions Shy2593666979 AgentChat versions prior to 2.3.1 Description A flaw exists in Shy2593666979 AgentChat related to improper control of resource identifiers. The issue resides within the get user info/update user info function located in the...
CVE-2025-11143
A flaw was found in org.eclipse.jetty. The Jetty URI parser handles invalid or unusual Uniform Resource Identifiers URIs differently compared to other common parsers. This discrepancy, known as differential parsing, can lead to security bypasses in systems that use multiple components to process...
ROS-20260205-73-0024
A vulnerability in the sendemptyflush function of the Linux kernel dm driver is related to improper control of resource identifiers. Exploitation of the vulnerability could allow an attacker to violate data integrity and also cause a denial of service...
ROS-20260205-73-0016
A vulnerability in the drivers/media/usb/cx231xx/cx231xx-417.c module of the Linux kernel is related to incorrect management of resource identifiers. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2026-1227)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ROS-20260121-73-0010
A vulnerability in the rxecleanup function of the rxepool.c component of the Linux kernel is related to improper control of resource identifiers. Exploitation of the vulnerability could allow an attacker to cause a denial of service...