57352 matches found
CVE-2026-2108
The CVE-2026-2108 entry covers jsbroks COCO Annotator up to version 0.11.1. The vulnerability affects the Endpoint component’s /api/info/long_task, where manipulation can cause a denial of service. It is remotely exploitable and has been publicly disclosed; multiple sources note no vendor respons...
SUSE CVE-2026-25538
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...
PT-2026-6917
Name of the Vulnerable Software and Affected Versions jsbroks COCO Annotator versions up to 0.11.1 Description A flaw exists in jsbroks COCO Annotator that allows for improper authorization. This issue is related to the manipulation of the ID argument within an unknown function of the /api/undo/...
PT-2026-6928
Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description WeKan contains an authorization issue in certain card update API paths. These paths only validate read access to a board instead of requiring write permission. This allows users with read-only roles to...
Keylime Missing Authentication for Critical Function and Improper Authentication
Impact The Keylime registrar does not enforce mutual TLS mTLS client certificate authentication since version 7.12.0. The registrar's TLS context is configured with ssl.CERTOPTIONAL instead of ssl.CERTREQUIRED, allowing any client to connect to protected API endpoints without presenting a valid...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...
CVE-2026-25729
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25729
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25729 DeepAudit Affected by User Enumeration via Broken Access Control
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresse...
CVE-2026-25632 EPyT-Flow has unsafe JSON deserialization (__type__)
EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...
GHSA-RJV5-9PX2-FQW6 Gogs has authorization bypass in repository deletion API
Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...
Gogs has authorization bypass in repository deletion API
Summary The DELETE /api/v1/repos/:owner/:repo endpoint lacks necessary permission validation middleware. Consequently, any user with read access including read-only collaborators can delete the entire repository. This vulnerability stems from the API route configuration only utilizing the...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection in the UpdateRepoFile function. An attacker can execute arbitrary system commands by updating files within the .git directory remotely via API router. This vulnerability is a bypass for the one addressed in...
Gogs's update .git/config file allows remote command execution
Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...
GHSA-GG64-XXR9-QHJP Gogs's update .git/config file allows remote command execution
Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...
USN-8015-3 linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698, CVE-2025-40019...
USN-8015-3: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698, CVE-2025-40019...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.1 Vulnerability Details CVEID:CVE-2023-39804 DESCRIPTION: In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVSS Source: IBM X-Force CVSS Base...
CVE-2026-2103 Use of Hard-Coded Cryptographic Key for Password Storage
Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...
CVE-2026-2103
Infor SyteLine ERP is affected by CVE-2026-2103 due to hard-coded static cryptographic keys used to encrypt stored credentials (passwords, DB connection strings, API keys). The keys are identical across all installations, enabling an attacker with access to the application binary and database to ...