235 matches found
CVE-2026-34038
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...
CVE-2026-27775
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...
CVE-2026-27775 Gitea pre-receive hook permission cache allows full repository write access
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...
CVE-2026-27660
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...
EUVD-2026-41633
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...
CVE-2026-27660 Gitea draft releases use insufficient permission checks
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...
CVE-2026-27660
Gitea before 1.25.5 is affected by an access-control issue in the draft release workflow: draft release data and attachments can be accessed without write permissions due to insufficient permission checks. This is reported for versions prior to 1.25.5, with remediation to upgrade to 1.25.5 or new...
EUVD-2026-39574
A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission or unauthenticated when the registry runs with default...
CVE-2026-56120
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784...
samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
CVE-2026-49252
deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any...
PT-2026-50790
Name of the Vulnerable Software and Affected Versions deepstream versions prior to 10.0.5 Description A Prototype Pollution issue exists in the server, which allows clients and backend services to synchronize data, send messages, and make remote procedure calls RPCs at scale. Prototype Pollution...
PT-2026-50478
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authorization bypass exists in the calendar event update process. The endpoint '/api/v1/calendars/events/event id/update' validates that the user has write access to the calendar where the even...
CVE-2026-47346 TYPO3 CMS - Broken Access Control in Form Framework
Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...
CVE-2026-40344
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...
CVE-2026-42359 Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator
A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...
CVE-2026-45717
Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET...
CVE-2026-45316
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...
sglang 安全漏洞
SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has a security vulnerability, which stems from unvalidated path traversal in the multimodal generation runtime. This vulnerability could allow attackers to send files ...
EUVD-2026-30660
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...