SQL Injection

Overview @mikro-orm/mariadb is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Supports MongoDB, MySQL, PostgreSQL and SQLite databases as well as usage with vanilla JavaScript. Affected versions of this package are vulnerable to SQL Injection via the...

CVE-2026-23292

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in configfsopenfile In flushwritebuffer, &p-fragsem is acquired and then the loaded store function is called, which, here, is targetcoreitemdbrootstore. This function called filpopen, following...

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

CVE-2026-22180 OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations

OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 7.1.2-16 and 6.9.13-41 contained security vulnerabilities. These vulnerabilities stemmed...

EUVD-2026-9849

Incorrect Authorization vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.API.OAuthController' module allows Privilege Escalation. An API key created with read-only permissions domain: "api", resource: "read" can be escalated to full write access under specific conditions. When exchanging a...

CVE-2026-23232

In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fsenablecheckpoint" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a. Original patch may cause below deadlock, revert it. write remount - writebegin - lockpage --- lock A -...

PT-2026-22921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, particularly related to improper handling of integer operations and out-of-bounds access during read and write...

EUVD-2026-4872

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

SUSE-SU-2026:20155-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in pngimagefinishread bsc1256525. - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in pngimagewrite bsc1256526...

RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation

Summary The ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions creating/updating users, groups, policies, and...

ansible-automation-platform/aap-gateway: aap-gateway: Read-only Personal Access Token (PAT) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

CVE-2025-14025 Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

CVE-2025-14025 Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions

A flaw was found in Ansible Automation Platform AAP. Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services e.g., Controller, Hub, EDA. If thi...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from bmregisterwrite not restoring file write permissions, which could cause subsequent write operations to fail...

CVE-2025-65594

OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users...

CVE-2025-65594

OpenSIS 9.2 and earlier are vulnerable to Incorrect Access Control in Student.php, enabling an authenticated low-privilege user to perform unauthorized database writes on other users’ data. Root cause: insufficient access control in the Student.php component. Affected: OpenSIS

Red Hat Ansible Automation Platform 安全漏洞

Red Hat Ansible Automation Platform Red Hat AAP is a unified solution for strategic automation from Red Hat, Inc. A security vulnerability exists in Red Hat Ansible Automation Platform Red Hat AAP, which originates in aap-gateway, where an authenticated attacker who already has administrative...

CVE-2025-47357 Missing Authentication for Critical Function in SMSS

Information Disclosure when a user-level driver performs QFPROM read or write operations on Fuse regions...