1082 matches found
PT-2026-56072
Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description The tailnet coordinator fails to validate that an agent's AllowedIPs derive from its authenticated UUID,...
ROOT-APP-NPM-CVE-2026-41907 CVE-2026-41907 in @rootio/uuid - Patched by Root
Root has patched CVE-2026-41907 in the @rootio/uuid package for Root:npm. Multiple fixed versions available...
CVE-2026-27881 Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/deployments/uuid in DeployController.php retrieves deployment details without validating that the deployment belongs to the authenticated user's team. Any...
CVE-2026-57498 Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams' Servers
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId$teamId before any operation. However, multiple Livewire web UI components accept...
CVE-2026-57952
Mythic before 3.4.0.60 contains an authorization bypass in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpo...
Malicious code in date-uuid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58dffbe61370f78deed5bacbc8f6bc46a8a989f03da218643a41b52ed025fa6a Package advertised as a UUIDv7 helper, but on require/import it auto-invokes extractDateISO in bootstrap.js, which reads README.md from process.cwd,...
MAL-2026-6566 Malicious code in date-uuid (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58dffbe61370f78deed5bacbc8f6bc46a8a989f03da218643a41b52ed025fa6a Package advertised as a UUIDv7 helper, but on require/import it auto-invokes extractDateISO in bootstrap.js, which reads README.md from process.cwd,...
Security Bulletin: Vulnerabilities in jackson-core and UUID might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in jackson-core and UUID. Vulnerabilities include jackson-core will throw a StreamConstraintsException if the limit is reached, vulnerable to a Denial of Service DoS attack and making unexpected writes when...
CVE-2026-53253 Bluetooth: bnep: reject short frames before parsing
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...
PT-2026-52348
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Bluetooth BNEP implementation where a peer can send a short BNEP Service Discovery Unit SDU. The function bnep rx frame reads the packet type byte and, for control...
CVE-2026-47279
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...
CVE-2026-56315 picklescan - Remote Code Execution via Unblocked Standard Library Modules
picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...
CVE-2026-56315
CVE-2026-56315 affects the Python tool picklescan until version 1.0.4, which fails to block imports from at least seven standard library modules (e.g., uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib). This allows adversaries to craft pickle files that import these unblocked modules to t...
Gogs Missing Authorization in Attachment Download
Summary In Gogs 0.14.1, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we confirmed that an unauthenticated user ca...
PT-2026-51457
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Gogs is an open source self-hosted Git service. The endpoint '/attachments/:uuid' retrieves attachment records using the uuid variable provided in the URL and returns the corresponding local file witho...
ROOT-APP-NPM-GHSA-W5HQ-G745-H8PQ GHSA-w5hq-g745-h8pq in @rootio/uuid - Patched by Root
Root has patched GHSA-w5hq-g745-h8pq in the @rootio/uuid package for Root:npm. Multiple fixed versions available...
[SECURITY] Fedora 44 Update: vmod-uuid-1.10-31.fc44
UUID Varnish vmod used to generate a uuid, including versions 1, 3, 4 and 5 as specified in RFC 4122. See the RFC for details about the various versions...
Fedora 44 : collectd / varnish / varnish-modules / vmod-querystring / vmod-uuid (2026-2148c0e80b)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-2148c0e80b advisory. New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update. Tenable has extracted the...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writ...
GHSA-G5VC-Q7QC-V939 Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known
Description Bugsink’s issue list supports bulk actions such as resolving or muting selected issues. In affected versions, the issue list view authorizes access through the project in the URL, but applies the requested bulk action to the submitted issue IDs without also requiring those issues to...