9 matches found
CVE-2026-56321
Capgo backend Supabase edge functions before 12.128.2 does not apply the global authentication middleware to the GET /private/rolebindings/:orgid endpoint, unlike the POST and DELETE rolebindings routes, so unauthenticated requests reach the handler instead of being rejected at the middleware...
CVE-2026-56321
Capgo (backend Supabase edge functions) before 12.128.2 fails to apply the global authentication middleware to GET /private/role_bindings/:org_id, unlike POST/DELETE for the same resource. Unaunthenticated requests reach the handler instead of middleware rejection, but the handler still performs ...
DEBIAN-CVE-2026-48817
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...
CVE-2025-10855
CVE-2025-10855 affects Teknoera (Sovera Software Services Trade Inc.). The vulnerability is described as an Authorization Bypass Through User-Controlled Key and is linked to exploitation of trusted identifiers through Teknoera up to version 01102025. Connected sources (Red Hat, NVD, CIRCL, CVE li...
EUVD-2018-0696
Malware in sbrugna...
EUVD-2024-2475
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-45337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization...
Important: containerd
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
CVE-2024-45337
Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is...