19 matches found

NVD · added 2026/05/12 11:16 p.m.

CVE-2026-44347

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 6.5 · EPSS 0.00015 · Exploits: 1 · References: 1
Vulnrichment · added 2026/05/12 10:44 p.m.

CVE-2026-44347 Warpgate: SSO CSRF -- State Token Not Validated on Return

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 5.8 · AI score 5.8 · EPSS 0.00015 · Exploits: 1 · References: 1
CVE · added 2026/05/12 10:44 p.m.

CVE-2026-44347

Warpgate is an open source bastion host for Linux (SSH/HTTPS/MySQL). Before 0.23.3, the SSO flow did not validate the state parameter, enabling CSRF-style tricks where an attacker could coerce a user into logging into the attacker's account and perform sensitive actions. The issue is fixed in ver...

CVSS 6.5 · AI score 5.8 · EPSS 0.00015 · Exploits: 1 · References: 1 · Affected Software: 1
ATTACKERKB · added 2026/05/12 10:44 p.m.

CVE-2026-44347

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 5.8 · AI score 5.8 · EPSS 0.00015 · Exploits: 1 · References: 2 · Affected Software: 1
EUVD · added 2026/05/12 10:44 p.m.

EUVD-2026-29882

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on t...

CVSS 5.8 · AI score 5.8 · EPSS 0.00015 · Exploits: 1 · References: 1
RedhatCVE · added 2026/05/12 8:20 a.m.

CVE-2026-42351

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow requests to STAC collection-based collections to expose directories...

CVSS 7.5 · AI score 5.7 · EPSS 0.00042 · Exploits: 0 · References: 1
Positive Technologies · added 2026/05/12 12:00 a.m.

PT-2026-40469

Name of the Vulnerable Software and Affected Versions: Warpgate versions prior to 0.23.3. Description: The SSO flow fails to validate the state parameter. This allows an attacker to trick a user into logging into an account controlled by the attacker, which could lead the user to perform sensitive...

CVSS 5.8 · AI score 5.8 · EPSS 0.00015 · Exploits: 1 · References: 4
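The login CSRF that the CVE-2026-44347 entries above describe, as an added example that is not Warpgate's code: the attacker completes SSO for their own account, captures the authorization code from the redirect, and gets the victim's browser to hit the bastion's callback URL. A callback that ignores the OAuth/OIDC state parameter logs the victim into the attacker's account; a callback that requires the echoed state to equal the one minted for that browser session rejects it. The Session class, the FAKE_IDP_CODES table and the https://idp.example authorization endpoint are constructed stand-ins and are assumptions of this example.

```python
import hmac
import secrets
from typing import Optional


class Session:
    """Server-side session for one browser. Assumption: bound to the browser by a cookie."""

    def __init__(self) -> None:
        self.sso_state: Optional[str] = None
        self.user: Optional[str] = None


# Constructed stand-in for the identity provider: an authorization code and the
# account it was issued for. A real IdP returns the code in the redirect back to
# the bastion, which then exchanges it for tokens.
FAKE_IDP_CODES = {
    "code-for-victim": "victim@example.org",
    "code-for-attacker": "attacker@example.org",
}


def begin_login(session: Session) -> str:
    """Mint an unguessable state, bind it to this session, and build the redirect URL.

    The https://idp.example endpoint is a hypothetical IdP used only for the example.
    """
    state = secrets.token_urlsafe(32)
    session.sso_state = state
    return f"https://idp.example/authorize?client_id=bastion&state={state}"


def callback_vulnerable(session: Session, code: str, state: Optional[str]) -> str:
    """Callback that never checks state: any code placed in the URL logs this browser in."""
    session.user = FAKE_IDP_CODES[code]
    return session.user


def callback_fixed(session: Session, code: str, state: Optional[str]) -> str:
    """Callback that requires the returned state to equal the one this session minted."""
    expected = session.sso_state
    session.sso_state = None  # single use: a replayed callback fails even with the right state
    if expected is None or state is None or not hmac.compare_digest(expected, state):
        raise PermissionError("SSO state mismatch: possible login CSRF")
    session.user = FAKE_IDP_CODES[code]
    return session.user


def demo_login_csrf():
    """Attacker finishes SSO for their own account, then sends the victim's browser to the callback.

    Returns (who the vulnerable handler logged the victim in as, what the fixed handler did).
    """
    victim = Session()
    begin_login(victim)                  # the victim may have a login in flight, or not
    attacker_code = "code-for-attacker"  # captured from the attacker's own IdP redirect
    forged_state = "anything-the-attacker-likes"
    vulnerable = callback_vulnerable(victim, attacker_code, forged_state)
    try:
        callback_fixed(victim, attacker_code, forged_state)
        fixed = "accepted"
    except PermissionError:
        fixed = "rejected"
    return vulnerable, fixed


def demo_legit_login() -> str:
    """Normal flow: the state the IdP echoes back is the one this session minted."""
    session = Session()
    redirect = begin_login(session)
    echoed_state = redirect.split("state=", 1)[1]
    return callback_fixed(session, "code-for-victim", echoed_state)
```

The check has to be bound to the browser session (cookie) rather than to anything in the URL, because everything in the callback URL is attacker-controlled. Consuming the state on first use also stops a captured callback URL from being replayed, and the constant-time comparison is cheap insurance against timing leaks.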
RedhatCVE · added 2026/05/11 8:25 p.m.

CVE-2026-42352

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

CVSS 8.6 · AI score 5.9 · EPSS 0.00021 · Exploits: 0 · References: 1
NVD · added 2026/05/08 11:16 p.m.

CVE-2026-42352

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

CVSS 8.6 · EPSS 0.00021 · Exploits: 0 · References: 3
NVD · added 2026/05/08 11:16 p.m.

CVE-2026-42351

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow requests to STAC collection-based collections to expose directories...

CVSS 7.5 · EPSS 0.00042 · Exploits: 0 · References: 3
ATTACKERKB · added 2026/05/08 10:31 p.m.

CVE-2026-42352

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

CVSS 8.6 · AI score 5.9 · EPSS 0.00021 · Exploits: 0 · References: 4 · Affected Software: 1
Cvelist · added 2026/05/08 10:31 p.m.

CVE-2026-42352 pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

CVSS 8.6 · EPSS 0.00021 · Exploits: 0 · References: 3
Vulnrichment · added 2026/05/08 10:31 p.m.

CVE-2026-42352 pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

CVSS 8.6 · AI score 5.9 · EPSS 0.00021 · Exploits: 0 · References: 3
ATTACKERKB · added 2026/05/08 10:31 p.m.

CVE-2026-42351

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow requests to STAC collection-based collections to expose directories...

CVSS 7.5 · AI score 5.8 · EPSS 0.00042 · Exploits: 0 · References: 4 · Affected Software: 1
Vulnrichment · added 2026/05/08 10:31 p.m.

CVE-2026-42351 pygeoapi: Path Traversal in STAC FileSystemProvider

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow requests to STAC collection-based collections to expose directories...

CVSS 7.5 · AI score 5.8 · EPSS 0.00042 · Exploits: 0 · References: 3
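The "raw string path concatenation" class of bug named in the CVE-2026-42351 entries, as an added example that is not pygeoapi's code: a resolver that glues the request path onto the collection root with string concatenation lets a `..` segment walk out of the root, while a resolver that canonicalises the joined path (following `..` and symlinks) and then checks that the result is still under the canonical root rejects it. The directory layout is constructed in a temporary directory so the example runs anywhere; the function names are this example's own.

```python
import os
import tempfile
from pathlib import Path


def resolve_vulnerable(root: str, requested: str) -> str:
    """Raw concatenation: '..' segments in the request walk out of the collection root."""
    return root + "/" + requested


def resolve_fixed(root: str, requested: str) -> Path:
    """Resolve against the root, then require the result to stay inside it.

    Path.resolve() canonicalises '..' and follows symlinks, so the containment test is
    made on the path the OS would actually open, not on the string the client sent.
    An absolute request path replaces the root when joined and is therefore rejected too.
    """
    root_real = Path(root).resolve()
    candidate = (root_real / requested).resolve()
    if candidate != root_real and root_real not in candidate.parents:
        raise ValueError(f"request escapes collection root: {requested!r}")
    return candidate


def build_fixture() -> str:
    """Constructed directory tree: one item inside the root, one secret file outside it."""
    base = tempfile.mkdtemp(prefix="stac-example-")
    root = os.path.join(base, "stac-root")
    os.makedirs(os.path.join(root, "sub"))
    Path(root, "item.json").write_text('{"type": "Feature"}')
    Path(base, "secret.txt").write_text("outside the collection")
    return root


def probe(root: str, requested: str):
    """Return (what the vulnerable resolver serves, what the fixed resolver serves) for one request."""
    try:
        vulnerable = Path(resolve_vulnerable(root, requested)).read_text()
    except OSError:
        vulnerable = "missing"
    try:
        fixed = resolve_fixed(root, requested).read_text()
    except ValueError:
        fixed = "rejected"
    except OSError:
        fixed = "missing"
    return vulnerable, fixed
```

Two details matter in practice: the check must run after canonicalisation (a naive `startswith(root)` on the raw string is defeated by `..` and by a sibling directory whose name starts with the root's name), and URL decoding happens in the web framework before the path reaches the provider, so `%2e%2e%2f` and plain `../` arrive identically.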
OSV · added 2026/04/29 10:19 p.m.

GHSA-JGVC-94C8-3CHC pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

Impact: OGC API - Processes execution requests can use the subscriber object to make requests to internal HTTP services. Patches: The issue has been patched in the master branch and made available as part of the 0.23.3 release. The patch disables any HTTP requests made to internal resources by default unless...

CVSS 8.6 · AI score 5.8 · EPSS 0.00021 · Exploits: 0 · References: 5
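The SSRF described in the CVE-2026-42352 and GHSA-JGVC-94C8-3CHC entries above is a caller-supplied callback URL (the subscriber object) that the server fetches. The following is an added example, not pygeoapi's code or its 0.23.3 patch, of the gate a practitioner would put in front of such a fetch: allow only http/https, refuse credentials in the URL, and resolve the host to every address it has before refusing anything that is loopback, private, link-local, multicast, reserved, unspecified or CGNAT space, including IPv4-mapped IPv6 literals. The FAKE_DNS table, the 93.184.216.34 "public" answer and the host names are constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# 100.64.0.0/10 (carrier-grade NAT) is not covered by the ipaddress predicates used below
# on every Python version, so it is listed explicitly.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]


def system_resolver(host: str):
    """Default resolver: every address the OS returns for the host, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip: str) -> bool:
    """True only for addresses outside loopback, private, link-local, multicast and reserved space."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.5 is really 10.0.0.5
    if any(addr in net for net in EXTRA_BLOCKED if net.version == addr.version):
        return False
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_subscriber_url(url: str, resolver=system_resolver):
    """Decide whether a caller-supplied callback URL may be fetched. Returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]  # literal address, no lookup
    except ValueError:
        try:
            addrs = resolver(parts.hostname)
        except OSError:
            return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    for ip in addrs:  # one internal answer among several is enough to refuse
        if not is_public_address(ip):
            return False, f"{parts.hostname} resolves to non-public address {ip}"
    return True, "ok"


# Constructed DNS answers so the example runs offline; 93.184.216.34 stands in for a public host.
FAKE_DNS = {
    "hooks.example.org": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example.org": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(host: str):
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"unknown host {host}")


def demo():
    """Run a set of constructed subscriber URLs through the check and return {url: allowed}."""
    urls = [
        "https://hooks.example.org/notify",
        "http://127.0.0.1:8000/admin",
        "http://[::1]/",
        "http://[::ffff:10.0.0.5]/",
        "http://metadata.internal/latest/meta-data/",
        "http://rebind.example.org/",
        "http://user:pw@hooks.example.org/",
        "file:///etc/passwd",
        "http://nope.invalid/",
    ]
    return {u: check_subscriber_url(u, resolver=fake_resolver)[0] for u in urls}
```

A resolve-then-connect check still leaves a window for DNS rebinding (the name answers with a public address during the check and a private one when the HTTP client resolves it again), so the outbound client should connect to the validated address and re-run the check on every redirect it follows. The advisory notes that the 0.23.3 patch takes the stricter default of disabling requests to internal resources unless configured otherwise; an allowlist of subscriber hosts is the simplest such configuration.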
OSSF Malicious Packages · added 2026/04/24 10:54 p.m.

Malicious code in elementary-data (PyPI)

Source: kam193 (96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea). Version 0.23.3 was compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and, likely, establish a reverse shell in the CI...

AI score 5.9 · Exploits: 0 · References: 10
OSV · added 2026/04/24 10:54 p.m.

MAL-2026-3083 Malicious code in elementary-data (PyPI)

Source: kam193 (96dc65f67f54411d3de6b23a33a8f73665e2703d7261b7f1720cdc089c528eea). Version 0.23.3 was compromised. A threat actor exploited a vulnerability in the CI workflows to inject code and, likely, establish a reverse shell in the CI...

AI score 6 · Exploits: 0 · References: 10
Positive Technologies · added 2024/12/05 12:00 a.m.

PT-2024-40490 · Pypi · Pyo3

Name of the Vulnerable Software and Affected Versions: PyO3 versions 0.23.0 through 0.23.2. Description: The issue arises from a regression in the PYO3_CONFIG_FILE environment variable, which is used to configure builds. This regression causes PyO3 to fail to reconfigure and recompile when the...

AI score 7.2 · Exploits: 0 · References: 4