
41 matches found

ATTACKERKB
added 2026/05/27 3:56 p.m. · 3 views

CVE-2026-42083

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer, the smPolicyGroup route group is created and routes are...

CVSS 8.2 · AI score 5.8 · EPSS 0.00109
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2026/05/27 12:00 a.m. · 5 views

free5GC security vulnerability

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from SMF failing to include the necessary inbound OAuth2 middleware when mounting UPI management routing groups. Th...

CVSS 7.5 · AI score 5.8 · EPSS 0.00052
Exploits 1 · References 4
Snyk
added 2026/05/11 3:53 p.m. · 3 views

Incorrect Authorization

Overview: next is a React framework. Affected versions of this package are vulnerable to Incorrect Authorization in the /next/data//.json route when i18n is configured and authorization is enforced via middleware or proxy. An attacker can gain unauthorized access to sensitive server-side-rendered...

CVSS 8.2 · AI score 5.8 · EPSS 0.00052
Exploits 1 · References 2
Positive Technologies
added 2026/05/07 12:00 a.m. · 4 views

PT-2026-38368

Name of the Vulnerable Software and Affected Versions: free5GC versions prior to 4.2.2. Description: The PCF Npcf SMPolicyControl service lacks authentication middleware in the NewServer function, where the smPolicyGroup route group is created without attaching the RouterAuthorizationCheck middlewar...

CVSS 8.2 · AI score 5.8 · EPSS 0.00109
Exploits 1 · References 8
SUSE CVE
added 2026/03/11 4:15 p.m. · 0 views

SUSE CVE-2026-31801

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot's dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

CVSS 7.7 · AI score 5.8 · EPSS 0.00044
Exploits 1 · References 4
Cvelist
added 2026/03/10 8:54 p.m. · 22 views

CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot's dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

CVSS 7.7 · EPSS 0.00044
Exploits 1 · References 1
Positive Technologies
added 2026/03/10 12:00 a.m. · 1 view

PT-2026-24461

Name of the Vulnerable Software and Affected Versions: zot versions 1.3.0 through 2.1.14. Description: zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. The dist-spec authorization middleware incorrectly infers the required action for PUT...

CVSS 9.9 · AI score 7.1 · EPSS 0.07313
Exploits 68 · References 135
CNNVD
added 2026/03/07 12:00 a.m. · 3 views

Gravitl Netmaker security vulnerability

Gravitl Netmaker is a platform developed by the American company Gravitl, which uses WireGuard to create and manage fast, secure, and dynamic virtual overlay networks. It is used to create and control automated virtual networks. Versions of Gravitl Netmaker prior to 1.5.0 contained security...

CVSS 8.6 · AI score 7.3 · EPSS 0.00036
Exploits 0 · References 2
CVE
added 2026/02/09 9:07 p.m. · 9 views

CVE-2026-25875

PlaciPy 1.0.0 is affected by CVE-2026-25875 where the admin authorization middleware trusts client-controlled JWT claims (role and scope) without server-side verification. This can enable privilege escalation or unauthorized admin-level actions by an attacker presenting manipulated JWTs. The CVSS...

CVSS 9.8 · AI score 5.4 · EPSS 0.00069
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2026/02/05 8:32 p.m. · 5 views

OpenCloud Reva has a Public Link Exploit

Impact: A security issue was discovered in Reva based products that enables a malicious user to bypass the scope validation of a public link, allowing it to access resources outside the scope of a public link. Details: Public link shares in OpenCloud are bound to a specific scope usually a file or...

CVSS 8.2 · AI score 5.5 · EPSS 0.00017
Exploits 0 · References 4 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-0631

Malware in sbrugna...

CVSS 6.1 · AI score 5.9 · EPSS 0.15453
Exploits 1 · References 18
Tenable Nessus
added 2025/08/26 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-22942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.
- A possible open redirect vulnerability in the Host Authorization middleware in Action Pack = 6.0.0 that could allow attackers to redirect users to a malicious...

CVSS 6.1 · AI score 6.5 · EPSS 0.00533
Exploits 0 · References 2
OSV
added 2024/06/08 8:15 p.m. · 12 views

CVE-2024-4146

In lunary-ai/lunary version v1.2.13, an incorrect authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...

CVSS 9.8 · AI score 9.5 · EPSS 0.00149
Exploits 1 · References 2
CVE
added 2024/06/08 7:41 p.m. · 52 views

CVE-2024-4146

In Lunary (lunary-ai/lunary) v1.2.13, CVE-2024-4146 describes an incorrect authorization vulnerability in the checkProjectAccess middleware. The vulnerability relies on only verifying organization membership and fails to enforce explicit project-level permissions checked via the account_project t...

CVSS 9.8 · AI score 9.5 · EPSS 0.00149
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2024/06/08 12:00 a.m. · 1 view

PT-2024-29408 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version v1.2.13. Description: The issue is related to an incorrect authorization vulnerability that allows unauthorized users to access and manipulate projects within an organization they should not have access to. This...

CVSS 9.8 · AI score 6.5 · EPSS 0.00149
Exploits 1 · References 11
OSV
added 2024/03/06 11:03 a.m. · 26 views

BIT-RAILS-2021-44528

An open redirect vulnerability exists in Action Pack = 6.0.0: an attacker could craft "X-Forwarded-Host" headers that, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...

CVSS 6.1 · AI score 6.1 · EPSS 0.28611
Exploits 0 · References 3
Github Security Blog
added 2023/03/24 10:01 p.m. · 24 views

Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs

Impact: Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...

CVSS 5.3 · AI score 5.3 · EPSS 0.00157
Exploits 1 · References 6 · Affected Software 1
SUSE CVE
added 2023/02/15 3:45 a.m. · 1 view

SUSE CVE-2021-22942

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack = 6.0.0 that could allow attackers to redirect users to a malicious website...

CVSS 6.1 · AI score 6.1 · EPSS 0.00533
Exploits 0 · References 4
Veracode
added 2022/01/11 12:30 p.m. · 162 views

Open Redirect

rails is vulnerable to open redirect. A remote attacker is able to redirect users to a malicious website via a crafted X-Forwarded-Host header in combination with a certain "allowed host" format in host authorization middleware...

CVSS 6.1 · AI score 5.1 · EPSS 0.28611
Exploits 0 · References 3 · Affected Software 1
NVD
added 2022/01/10 2:10 p.m. · 22 views

CVE-2021-44528

An open redirect vulnerability exists in Action Pack = 6.0.0: an attacker could craft "X-Forwarded-Host" headers that, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...

CVSS 6.1 · EPSS 0.28611
Exploits 0 · References 3