browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler

Summary The HTTP handler /log in lib/server.js lines 491–515 of browserstack-runner passes unauthenticated user-supplied data to vm.runInNewContext combined with eval, enabling a sandbox escape and arbitrary code execution on the host system. Details When browserstack-runner starts, it creates an...

GHSA-4G6J-G789-RGHM Nezha's authenticated agents can forge service-monitor results for other users' services

Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...

PT-2026-45493

Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...

CVE-2026-34263

SAP Commerce Cloud is affected by CVE-2026-34263 due to a Spring Security misconfiguration that allows an unauthenticated user to upload malicious configuration and inject code, enabling arbitrary server-side code execution. The entry states high impact to Confidentiality, Integrity, and Availabi...

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions 3.9.0 and 3.9.1 of JeecgBoot contain access control vulnerability issues. This vulnerability stems from a lack of authentication in the AI Chat Module component’s...

CVE-2026-2165

CVE-2026-2165 affects detronetdip E-commerce 1.0.0. The vulnerability lies in an unknown function of /Admin/assets/backend/seller/add_seller.php where manipulating the email argument can cause missing authentication, enabling a remote exploit. Public exploit exists; the issue was reported early v...

CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes of a message may be exposed i...

GHSA-J8HF-CP34-G4J7 Dragonfly Manager Job API Unauthenticated Access

Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. Affected Products - Product: Dragonfly - Component:...

HAMASTAR MeetingHub Access Control Vulnerability

HAMASTAR MeetingHub is a paperless conference system developed by HAMASTAR, a company from Taiwan, China. HAMASTAR MeetingHub has a security vulnerability related to access control, which stems from the lack of authentication. This vulnerability could allow unverified remote attackers to access...

Gotac Statistics Database System Access Control Vulnerability

The Gotac Statistics Database System is a statistical database system developed by Gotac in Taiwan, China. The Gotac Statistics Database System has an access control vulnerability, which stems from the lack of authentication. This vulnerability could allow unverified remote attackers to directly...

CVE-2025-12476

Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

Sparkle 安全漏洞

Sparkle is a software update framework for macOS open-sourced by the Sparkle Project. A security vulnerability exists in versions prior to Sparkle 2.7.2, which stems from a lack of client-side authentication and could result in local privileges being elevated to root...

Mattermost Confluence Plugin is Missing Authentication for Critical Function

Mattermost Confluence Plugin versions 1.5.0 fail to enforce user authentication of the Mattermost instance, allowing unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

WordPress plugin WP ERP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

SUSE CVE-2018-11770

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...

多款Siemens产品跨站请求伪造漏洞

Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site request forgery vulnerability exists in several Siemens products, stemming from a lack of authentication of anti-CSRF tokens or other source checks in the endpoint of the "Operation" Web...

Gin-Vue-Admin 权限许可和访问控制问题漏洞

Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin development. A permission permission and access control issue vulnerability exists in gin-vue-admin, which stems from a lack of authentication in the setUserInfo function, which allows a low-privileged user...

SAP Netweaver 授权问题漏洞

SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. An authorization issue vulnerability exists in SAP Netweaver AS JAVA P2P Cluster Communication versions 7.11,...

CVE-2020-3556

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listene...