65 matches found
CVE-2026-15043
A flaw was found in DBI::SQL::Nano, a mini-SQL engine for Perl. This vulnerability occurs because the engine incorrectly evaluates SQL operators for text comparisons, specifically inverting the logic for "less than or equal to" and "greater than or equal to" operations. This can lead to...
CVE-2026-48811
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...
PT-2026-44996
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...
LinkAce 安全漏洞
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the authorization poli...
PT-2026-44542
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by other users. The affected resource types are links, lists...
SUSE CVE-2026-39350
Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is...
Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots
Impact The serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is a valid character in a service account name, an AuthorizationPolicy ALLOW rule targeting SA e.g. cert-manager.io also matches cert-manager-io,...
EUVD-2026-23128
Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots...
CVE-2026-39350
Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is...
CVE-2026-39350 Istio AuthorizationPolicy Incorrect Regex Matching of Dots in serviceAccounts Fields Allows Policy Bypass
Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is...
CVE-2026-39350 Istio AuthorizationPolicy Incorrect Regex Matching of Dots in serviceAccounts Fields Allows Policy Bypass
Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is...
CVE-2026-39350 Istio AuthorizationPolicy Incorrect Regex Matching of Dots in serviceAccounts Fields Allows Policy Bypass
Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is...
PT-2026-33182
Name of the Vulnerable Software and Affected Versions Istio versions 1.25.0 through 1.27.8 Istio versions 1.28.0 through 1.28.5 Istio versions 1.29.0 through 1.29.1 Description In the AuthorizationPolicy, the serviceAccounts and notServiceAccounts fields incorrectly interpret dots . as regular...
OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement
Summary Nostr inbound DM handling could perform crypto and dispatch work before sender and pairing policy enforcement, enabling unauthorized pre-auth computation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
Access Control Bypass
Overview org.keycloak:keycloak-authz-policy-common is a KeyCloak AuthZ: Common Policy Providers Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with...
EUVD-2021-1611
Malware in sbrugna...
EUVD-2015-2246
Malware in sbrugna...
EUVD-2022-2845
Malicious code in bioql PyPI...
EUVD-2022-26891
Malicious code in bioql PyPI...
NetScaler-13.1-How to implement authorization policy for Oauth user groups
In Oauth response, the user groups can be carried in the response with customized field. However, we can't relate the string of group to the group attribute of the user. We may have question for how to apply authorization policy for Oauth user groups. In this example, the default authorization...