3 matches found
GHSA-QCQW-JWXC-2HQG Lemur has an authorization bypass in StrictRolePermission / AuthorityCreatorPermission
Summary StrictRolePermission and AuthorityCreatorPermission in lemur/auth/permissions.py call flaskprincipal.Permission.init with zero Needs when their config flags are unset. Both flags defaulted to False in code prior to the fix, so this was the state of any Lemur install that hadn't explicitly...
CVE-2026-44649
SillyTavern) vulnerability (CVE-2026-44649) affects SillyTavern before version 1.18.0 where header-based SSO authentication can be bypassed. The root cause is lack of validation that Remote-User (Authelia) and X-Authentik-Username (Authentik) headers originate from a trusted reverse proxy. The lo...
osquery Command And Control: Kolide
osquery Command And Control Kolide is an agentless osquery web interface and remote api server. Kolide uses the osquery remote apis to do ad-hoc distributed queries, osqueryd configurations and the collection and processing of scheduled queries packs. Kolide was designed to be extremely portable ...