52 matches found
Roxy-WI 安全漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of role and group checks in the installation process for Blueprint endpoints. Any...
CVE-2026-40214
In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...
CVE-2026-28873
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...
CVE-2026-44335 SSRF bypass in PraisonAI
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GET /api/v1/stable/dags/tasks endpoint via improper tenant checks in the listTasksByDAGIds function. An attacker can access sensitive task metadata belonging to other tenants by...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the permission checking logic when changing the parent project ID, which was inconsistent with the recursive...
Rack 信息泄露漏洞
Rack is a modular Ruby web server interface developed by Rack authors. Versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6 contained an information leakage vulnerability. This vulnerability stemmed from Rack::Static’s use of simple string prefix checks to determine whether a request should be...
CVE-2026-28431
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...
FreeRDP 安全漏洞
FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.23.0 contained a security vulnerability, which was caused by the lack of boundary checks in smartcardunpackreadsizealign, potentially leading to client crashes...
CVE-2025-14067
The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve...
Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680608)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680608 advisory. It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A...
CVE-2015-7229
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the 1 "post to twitter" permission or change the options...
webkitgtk: A malicious website may exfiltrate data cross-origin
A flaw was found in WebKitGTK. A malicious website may steal data cross-origin due to improper security checks within the web browser or rendering engine, leading to unauthorized disclosure of information...
CVE-2024-45081
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks...
PT-2024-6711
Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Microsoft Edge affected versions not specified Description: The issue is related to incorrect security checks for standard elements in the V8 JavaScript engine handler. This could allow a remote...
The vulnerability of the WorkBench64 module in the GENESIS64 SCADA system allows a intruder to disclose protected information.
The vulnerability of the WorkBench64 module in the GENESIS64 SCADA system is related to improper security checks for standard elements. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...
Palo Alto Networks Cortex XDR Security Vulnerability
Palo Alto Networks Cortex XDR is an extended detection and response platform that natively integrates network, endpoint, cloud, and third-party data from U.S.-based Palo Alto Networks. A security vulnerability exists in Palo Alto Networks Cortex XDR that stems from improper file signature checkin...
PT-2024-2446 · Microsoft +1 · Azure-C-Shared-Utility +1
Name of the Vulnerable Software and Affected Versions: azure-c-shared-utility affected versions not specified Description: The azure-c-shared-utility library has a vulnerability related to the parameter checking mechanism, which can cause an integer wraparound, under-allocation, or heap buffer...
PT-2024-1557 · Lenovo · Lenovo Vantage
Name of the Vulnerable Software and Affected Versions: Lenovo Vantage affected versions not specified Description: The issue is related to errors in the certificate authentication procedure of the Lenovo Vantage Service utility for optimizing BIOS driver automatic update procedures. It allows a...
UNISOC Chipsets Buffer Error Vulnerability
UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in UNISOC Chipsets due to a lack of boundary checking in the camera driver, which may result in out-of-bounds reads...