CVE-2026-7702

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

CVE-2026-7702 toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

[SECURITY] Fedora 42 Update: docker-buildkit-0.26.3-1.fc42

Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...

[SECURITY] Fedora 43 Update: docker-buildkit-0.26.3-1.fc43

Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...

Fedora 43 : docker-buildkit (2025-94f9b9b1b1)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-94f9b9b1b1 advisory. - Update to release v0.26.3 - Resolves CVE-2024-25621: rhbz2419004, rhbz2419033, rhbz2419427 - Upstream fix Tenable has extracted the preceding...

CRLF Injection

Overview aioftp is a ftp client/server for asyncio Affected versions of this package are vulnerable to CRLF Injection via the aioftp.Client.command method that lacks checks for CR/LF characters in command strings. An attacker can add the \r\n characters and inject additional headers in the FTP...

[SECURITY] Fedora 40 Update: rust-gitui-0.26.3-6.fc40

Blazing fast terminal-ui for git...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the APIExport VirtualWorkspace. An attacker can create and delete objects in arbitrary target workspaces without the necessary permissions by exploiting this vulnerability. Workaround This vulnerability ca...

kcp 授权问题漏洞

kcp is kcp-dev open source a Kubernetes-like control plane for Kubernetes and containers. An authorization issue vulnerability exists in kcp versions prior to 0.26.3, which stems from APIExport VirtualWorkspace allowing objects to be created or deleted in an arbitrary target workspace, potentiall...