CVE-2026-25177

Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network...

Digital Photo Frame GH-WDF10A vulnerable to improper access restriction

Overview Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains the following vulnerability. Active debug code CWE-489 - CVE-2026-33201 Koki Takase reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

CVE-2026-33201

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

CVE-2026-33201

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

Rails 安全漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Vulnerabilities exist in versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from the lack of restrictions on the number ...

PT-2026-28199

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

CVE-2026-29785

A flaw was found in NATS-Server. A remote attacker can exploit this vulnerability by connecting to a NATS-Server instance where the 'leafnode' configuration is enabled and compression is active. This pre-authentication flaw allows the attacker to trigger a server crash, resulting in a Denial of...

GHSA-P9FM-F462-GGRG Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Releases The fixed...

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. Releases The fixed...

EUVD-2026-15806

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

CVE-2026-27659

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to properly validate CSRF tokens in the /api/v4/accesscontrolpolicies/policyid/activate endpoint, which allows an attacker to trick an admin into changing access control policy active status via a craft...

CVE-2026-27659

Mattermost CSRF in UpdateAccessControlPolicyActiveStatus: versions 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10, 11.4.x ≤ 11.4.0, 11.3.x ≤ 11.3.1 fail to validate CSRF tokens on /api/v4/access_control_policies/{policy_id}/activate, enabling an attacker to trick an admin into changing an access control pol...

SUSE CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

SUSE CVE-2026-33173

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the...

SUSE CVE-2026-33174

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...

SUSE CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

SUSE CVE-2026-33195

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path...

SUSE CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Impact Active Storage’s proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-33176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1,...