Scalar 安全漏洞

Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from the scalarurl query parameter on the Scalar Proxy endpoint, which involves server-side request forgeing. This could...

PT-2026-41940

Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13 Description An arbitrary file upload issue exists in the Scalar Proxy endpoint via the scalar url query parameter. This allows attackers to execute arbitrary code by uploading a specially crafted SVG file Scalable...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package

Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...

path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two parameter...

Linux Distros Unpatched Vulnerability : CVE-2026-4867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period...

Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

Summary An issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. Impact A remote actor could inject code during the build process,...

CVE-2026-4269

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before...

CVE-2026-4269

A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users of the Bedrock AgentCore Starter Toolkit before...

CVE-2026-4269

CVE-2026-4269 : The Bedrock AgentCore Starter Toolkit (pre-v0.1.13) suffers from missing S3 ownership verification during the build process, enabling a remote attacker to inject code and execute it in the AgentCore Runtime when a toolkit is built after 2025-09-24. Affected: users on pre-0.1.13 bu...

PT-2026-25792

Summary An issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. Impact A remote actor could inject code during the build process,...

EUVD-2025-199749

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

CVE-2025-65676

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

CVE-2025-65675

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

ClassroomIO.com 安全漏洞

ClassroomIO.com is an educational platform open-sourced by ClassroomIO. A security vulnerability exists in ClassroomIO.com version 0.1.13, which originates in stored cross-site scripting and could allow an authenticated attacker to execute arbitrary code via a specially crafted SVG profile pictur...

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

CVE-2025-65669

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction...

ClassroomIO.com 安全漏洞

ClassroomIO.com is an educational platform open-sourced by ClassroomIO. A security vulnerability exists in ClassroomIO.com version 0.1.13 that stems from the ability of a student account to delete a course without authorization or authentication, potentially resulting in the bypassing of intended...

PT-2025-48177

Name of the Vulnerable Software and Affected Versions classroomio version 0.1.13 Description Student accounts can delete courses from the Explore page without proper authorization or authentication. This bypasses the restriction that course deletion should only be possible for administrators. The...

ClassroomIO.com 安全漏洞

ClassroomIO.com is an educational platform open-sourced by ClassroomIO. A security vulnerability exists in ClassroomIO.com version 0.1.13, which stems from an insecure direct object reference that could lead to a student accessing a sensitive administrator or teacher endpoint by manipulating the...