EUVD-2026-29564

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories. The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers e.g., userid, runid, agentid in the request query parameters. A...

CVE-2026-25120

Gogs CVE-2026-25120 affects versions 0.13.4 and earlier. The issue arises in DeleteComment: the API does not verify that the comment belongs to the repository specified in the URL, allowing a repository administrator to delete comments from other repositories by supplying arbitrary comment IDs. T...

EUVD-2020-0279

Malware in sbrugna...

CVE-2020-5230

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directorie...

CVE-2020-5230

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directorie...

Code injection

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directorie...

PT-2018-16216 · Elastic · X-Pack Security

Name of the Vulnerable Software and Affected Versions: X-Pack Security versions 6.2.0 through 6.2.2 Description: The issue allows for a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might impersonate a legitimate user if the SAML Identity Provider...