57254 matches found

Source: Wolfi | added 2026/03/10 1:48 p.m. | 6 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: flux-notification-controller, temporal-server, kubernetes-event-exporter, sops, kaf, pulumi-language-dotnet, crossplane-provider-aws-lambda, cluster-autoscaler, cluster-api-azure-controller, opentelemetry-collector-contrib, rancher-webhook, terraform-provider-random,...

AI score: 5.8 | Exploits: 0

Source: The Hacker News | added 2026/03/10 1:20 p.m. | 6 views

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been...

AI score: 6.2 | Exploits: 0

Source: GithubExploit | added 2026/03/10 12:02 p.m. | 143 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

Research: TeamCity Authentication Bypass CVE-2024-27198 Simu...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.99938 | Exploits: 23

Source: Hacker One | added 2026/03/10 7:58 a.m. | 18 views

curl: CURLOPT_UNRESTRICTED_AUTH Dangerous Default Documentation Gap

Summary: CURLOPT_UNRESTRICTED_AUTH=1 instructs libcurl to send credentials to ALL hosts during redirect chains, 'possibly again and again as the following hosts can keep redirecting to new hosts.' The documentation explicitly warns this is dangerous, but the default behavior is also risky: curl onl...

AI score: 5.8 | Exploits: 0

Source: RedhatCVE | added 2026/03/10 2:12 a.m. | 8 views

CVE-2026-3789

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00422 | Exploits: 1 | References: 1

Source: RedhatCVE | added 2026/03/10 2:12 a.m. | 4 views

CVE-2026-3795

A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack can be initiated remotely. The exploit has been released to the public and may...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.00656 | Exploits: 1 | References: 1

Source: Cvelist | added 2026/03/10 12:18 a.m. | 28 views

CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API)

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVSS: 5.9 | EPSS: 0.00215 | Exploits: 0 | References: 2

Source: Vulnrichment | added 2026/03/10 12:18 a.m. | 3 views

CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API)

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00215 | Exploits: 0 | References: 2

Source: ATTACKERKB | added 2026/03/10 12:18 a.m. | 1 views

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00215 | Exploits: 0 | References: 3 | Affected Software: 1

Source: CVE | added 2026/03/10 12:18 a.m. | 14 views

CVE-2026-27686

SAP Business Warehouse (Service API) is affected by CVE-2026-27686 due to a Missing Authorization Check. An authenticated attacker could use an affected RFC function module to perform unauthorized configuration and control changes, potentially disrupting request processing and causing denial of s...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00215 | Exploits: 0 | References: 2

Source: Positive Technologies | added 2026/03/10 12:00 a.m. | 5 views

PT-2026-24191

Name of the Vulnerable Software and Affected Versions OneUptime affected versions not specified Description The 'resend-verification-code' endpoint in OneUptime allows an authenticated user to trigger a verification code resend for any UserWhatsApp record by its itemId. A critical flaw exists...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00371 | Exploits: 1 | References: 10

Source: Positive Technologies | added 2026/03/10 12:00 a.m. | 9 views

PT-2026-24162

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00215 | Exploits: 0 | References: 2

Source: Positive Technologies | added 2026/03/10 12:00 a.m. | 8 views

PT-2026-24476

Name of the Vulnerable Software and Affected Versions Sylius versions prior to 2.0.16 Sylius versions prior to 2.1.12 Sylius versions prior to 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains a cross-site scripting XSS issue in the shop checkout login form. The...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00179 | Exploits: 0 | References: 7

Source: Redos | added 2026/03/10 12:00 a.m. | 9 views

ROS-20260310-73-0037

A vulnerability in the Background Fetch API of the Google Chrome browser is related to errors in the implementation of security checks for standard elements. Exploitation of the vulnerability allows an attacker acting remotely to disclose protected information using a specially crafted HTML page...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00224 | Exploits: 1

Source: Positive Technologies | added 2026/03/10 12:00 a.m. | 5 views

PT-2026-24877

CVE-2026-3929 Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. … https://t.co/Eu1lU8NeVv...

CVSS: 3.1 | AI score: 5.8 | EPSS: 0.00164 | Exploits: 0 | References: 6

Source: Cvelist | added 2026/03/09 10:26 p.m. | 39 views

CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...

CVSS: 9 | EPSS: 0.00308 | Exploits: 2 | References: 1

Source: ATTACKERKB | added 2026/03/09 10:26 p.m. | 4 views

CVE-2026-30862

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...

CVSS: 9 | AI score: 5.8 | EPSS: 0.00308 | Exploits: 2 | References: 2 | Affected Software: 1

Source: EUVD | added 2026/03/09 9:31 p.m. | 7 views

EUVD-2026-10351

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.00359 | Exploits: 1 | References: 2

Source: NVD | added 2026/03/09 9:16 p.m. | 4 views

CVE-2026-31816

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized middleware that protects every server-side API endpoint can be completely bypassed by appending a webhook path pattern to the query string of any...

CVSS: 9.1 | EPSS: 0.15339 | Exploits: 2 | References: 1

Source: NVD | added 2026/03/09 9:16 p.m. | 7 views

CVE-2026-25045

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

CVSS: 8.8 | EPSS: 0.00292 | Exploits: 1 | References: 1