23 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-32700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to...
CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
Race Condition
Overview devise is a flexible authentication solution for Rails with Warden. Affected versions of this package are vulnerable to Race Condition in the Confirmable module, when the reconfirmable option is enabled which it is by default. An attacker can confirm an email address they don't own by...
CVE-2025-61735
Server-Side Request Forgery SSRF vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
EUVD-2025-32088
Malicious code in bioql PyPI...
Apache Kylin Authentication Bypass Vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
Authentication Bypass Using an Alternate Path or Channel
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/updateuser endpoint. An attacker can gain unauthorized access by exploiting this endpoint t...
Server-side Request Forgery (SSRF)
Overview org.apache.kylin:kylin-server is an analytics Engine, contributed by eBay Inc., provides SQL interface and multi-dimensional analysis OLAP on Hadoop supporting extremely large datasets. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. An attacker can...
GHSA-P86W-W5RH-M3HX Apache Kylin Files or Directories Accessible to External Parties
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...
Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery SSRF vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
Files or Directories Accessible to External Parties
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests...
CVE-2025-61734
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...
CVE-2025-61734
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...
CVE-2025-61735 Apache Kylin: Server-Side Request Forgery
Server-Side Request Forgery SSRF vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
CVE-2025-61735
Apache Kylin is affected by a Server-Side Request Forgery (SSRF) vulnerability in versions 4.0.0 through 5.0.2. The issue arises from insufficient authentication to verify request sources, potentially allowing an attacker to probe internal/intranet resources. The recommended remediation is to upg...
CVE-2025-61733 Apache Kylin: Authentication bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...
CVE-2025-61733
CVE-2025-61733 describes an authentication bypass in Apache Kylin. Affected versions are 4.0.0 through 5.0.2; remediation is to upgrade to 5.0.3, which fixes the issue. Connected sources consistently state an authentication bypass via an alternate path or channel affecting the Kylin API (notably ...
CVE-2025-61734 Apache Kylin: improper restriction of file read
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...
CVE-2025-61734
CVE-2025-61734 affects Apache Kylin (versions 4.0.0 through 5.0.2). The issue is an information-disclosure vulnerability caused by inadequate protection of sensitive information, allowing files or directories to be accessible to external parties. The vulnerability is addressed by upgrading to Apa...