5602 matches found
Scramble Laravel - Remote Code Execution
Scramble for Laravel = 0.13.2 and = 0.13.2 and 0.13.22 contains a remote code execution caused by evaluation of user-controlled input in validation rules during documentation generation, letting remote attackers execute arbitrary PHP code, exploit requires publicly accessible documentation...
CVE-2026-58252
A flaw was found in NATS Server. An authenticated user could bypass configured access restrictions and receive messages on subjects that were explicitly denied. This occurs when a wildcard subscription overlaps with a wildcard deny rule but is not a direct subset, or when queue subscriptions...
CVE-2026-58251
A flaw was found in NATS Server, a high-performance messaging system. An authenticated user with specific permissions could bypass security rules designed to deny access to certain message subjects. This bypass occurs when a queue subscription is used, allowing the user to access information that...
Adobe AEM Dispatcher <4.15 - Rules Bypass
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. id: CVE-2016-0957 info: name: Adobe AEM Dispatcher 4.15 - Rules Bypass author: geeknik severity:...
PT-2026-57557
Name of the Vulnerable Software and Affected Versions luci-app-samba4 affected versions not specified Description An issue in the read Access Control List ACL grants file.exec permission on /usr/sbin/smbd. This allows authenticated delegated users to execute the Samba daemon with command-line...
CVE-2026-52761
A flaw was found in ModSecurity, an open-source web application firewall WAF. The t:utf8toUnicode transformation function, responsible for converting UTF-8 encoded characters to Unicode, generates incorrect output on i386 architectures. This vulnerability allows an attacker to bypass WAF rules,...
CVE-2026-59857
Vim (up to version 9.2.0724) is affected by an out-of-bounds write in spell_soundfold_sal() in src/spell.c. The single-byte branch translates words via a SAL sound-folding rule into a caller-owned buffer, but reslen
CVE-2026-59857
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...
CVE-2026-59857 Vim: Out-of-bounds Write in SAL Soundfolding
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...
PT-2026-57014
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0725 Description A flaw exists in the single-byte branch of the spell soundfold sal function within src/spell.c. When translating a word using a spell file's SAL sound-folding rules into a caller-owned result buffer,...
Improper Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...
Improper Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the queue subscription process. An attacker can gain unauthorized...
Improper Authorization
Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...
Improper Authorization
Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...
CVE-2026-58209
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...
CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...
CVE-2026-58209
NATS Server before versions 2.14.3 and 2.12.12 could deliver MQTT retained messages and QoS1+ durable replays to subscribers whose topics matched a deny rule, because delivery paths did not consistently re-check the original topic before sending MQTT PUBLISH. This issue is fixed in 2.14.3 and 2.1...
CVE-2026-58252 NATS Server: Subscribe Authz Bypass via Wildcard-Overlap
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...
CVE-2026-58252
CVE-2026-58252 affects NATS Server prior to versions 2.14.0, 2.12.7, and 2.11.16. An authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset of it; queue subscriptions could also affect delivery...
CVE-2026-58251
CVE-2026-58251 affects NATS Server prior to version 2.14.0, 2.12.7, and 2.11.16. An authenticated user with subscription deny permissions could bypass a plain Subject deny rule by using a queue subscription, because queue-specific deny evaluation could override the plain subject deny result when ...