17 matches found
CVE-2026-55689
OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication authn.method=oidc, authn.oidc.issuer set but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result...
OpenFGA: OIDC audience validation skipped when --authn-oidc-audience is unset
Description OpenFGA's OIDC authenticator skipped JWT audience aud validation when no audience was configured. In deployments where one identity provider issues tokens for multiple services, a token minted for an unrelated service could authenticate to OpenFGA. Preconditions This applies if the...
CVE-2026-44651
SillyTavern’s CVE-2026-44651 affects the CORS proxy middleware (src/middleware/corsProxy.js). Before version 1.18.0, when fetch(url) throws, the code writes a 500 error response that includes the attacker-controlled url directly in plain text: "Error occurred while trying to proxy to: " + url + …...
EUVD-2026-33402
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...
CVE-2026-44652 SillyTavern: SSRF vulnerability in the CORS proxy middleware
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...
CVE-2026-27023
Twenty CRM prior to v1.18 had SSRF protection in SecureHttpClientService that failed to validate redirect targets. An authenticated user controlling outbound URLs could bypass private IP blocking by redirecting via an attacker-controlled server, enabling SSRF. The issue is fixed in v1.18. Affecte...
EUVD-2026-9845
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs e.g., webhook endpoints, image URLs could bypass...
SUSE-SU-2026:0558-1 Security update for libnvidia-container
This update for libnvidia-container fixes the following issues: Update to version 1.18.0. Security issues fixed: - CVE-2024-0132: time-of-check time-of-use TOCTOU race condition in default configuration via specifically crafted container image bsc1231033. - CVE-2024-0133: data tampering in host...
CVE-2026-25518
Summary: CVE-2026-25518 affects cert-manager-controller in Kubernetes clusters. In versions 1.18.0–1.18.4 and 1.19.0–1.19.2, the controller performs DNS lookups during ACME DNS-01 processing using unencrypted DNS, allowing an attacker able to intercept DNS traffic from the cert-manager pod to ins...
CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...
CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification
The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not verifying that a user has the required capability to perform actions in the "cptuiprocessposttype" function. This makes it possible for...
Linux Distros Unpatched Vulnerability : CVE-2019-12402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs...
PT-2024-36093 · Unknown · Roninwp Revy
Name of the Vulnerable Software and Affected Versions: Roninwp Revy versions 1.18 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This vulnerability affects the Roninwp Revy...
ELECOM WRC 代码注入漏洞
The ELECOM WRC is a home-applicable network camera from ELECOM Japan. A code injection vulnerability exists in ELECOM WRC-1167FEBK-A v1.18 and earlier versions, which stems from the presence of a code injection that allows network-adjacent authenticated attackers to execute arbitrary operating...
PT-2022-4638 · Go +9 · Compress/Gzip +9
Name of the Vulnerable Software and Affected Versions: compress/gzip versions prior to 1.17.12 compress/gzip versions prior to 1.18.4 Description: The issue is related to uncontrolled recursion in the Reader.Read function of the compress/gzip package in the Go programming language. This can be...
AZL-43909 CVE-2021-44716 affecting package buildah 1.18.0-29
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...
CVE-2020-25013
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler...