202 matches found
CVE-2026-56284
Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...
CVE-2026-13455
A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure. Mitigation...
CVE-2026-13455
PostgreSQL Anonymizer contains a vulnerability in the anon.hash() function where unprivileged masked users can repeatedly call anon.hash(), collecting (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. Affected component: PostgreSQL Anonymizer. Root cause: exp...
CVE-2026-13455
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...
PT-2026-53898
Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.2 Description Unprivileged masked users can repeatedly call the anon.hash function to collect seed and hash output pairs. This allows for an offline brute-force attack to deduce the salt...
CVE-2026-53155
In Linux kernels, CVE-2026-53155 relates to mm/huge_memory and device-private PMD entries. A commit (65edfda6f3f2) updated set_pmd_migration_entry() to use pmdp_huge_get_and_clear() in the softleaf case but did not adjust the function fully, causing incorrect use of pmd_write(), pmd_soft_dirty(),...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: migrate: corrected lock ordering for hugetlb file folio operations Syzbot has identified a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then attempts to acquire immaprwsem read lock. 2 Task 5754: Holds...
PT-2026-51149
Name of the Vulnerable Software and Affected Versions capgo versions prior to 12.128.2 Description An authorization bypass exists in several Supabase PostgREST RPC functions: get app metrics, get global metrics, and get total metrics. These functions are granted to the anon role without enforcing...
CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
CVE-2026-11345 Improper Authentication Bypass in linqi CDN File Access
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not ASSERT if the newly created subvolume has already been read. BUG There is a syzbot crash, triggered by the ASSERT during subvolume creation: Assertion failed: !anondev, in fs/btrfs/disk-io.c:1319 ----------- kernel...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: x86/mm/pat: fixed the handling of VMPAT in COW mappings. The handling of VMPAT does not work correctly in COW mappings: the first PTE or, in fact, all PTEs can be replaced during write faults, causing them to point to anonymou...
CVE-2025-41355
Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
CVE-2025-41356
Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
CVE-2025-41357
Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
EUVD-2025-209139
Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
CVE-2025-41355
Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
CVE-2025-41356
Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
CVE-2025-41357
Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...
CVE-2025-41357 Reflected Cross-Site Scripting on Anon Proxy Server
Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...