324 matches found
OwnCloud - Phpinfo Configuration
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...
Bug-Bounty-Practice-lab
Syntex Solutions — Vulnerable Lab ⚠️ WARNING — FOR AUTHOR...
CVE-2026-33814 affecting package containerized-data-importer for versions less than 1.62.0-6
CVE-2026-33814 affecting package containerized-data-importer for versions less than 1.62.0-6. A patched version of the package is available...
CVE-2026-25680 affecting package containerized-data-importer for versions less than 1.62.0-5
CVE-2026-25680 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...
CVE-2026-42502 affecting package containerized-data-importer for versions less than 1.62.0-5
CVE-2026-42502 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...
CVE-2026-25681 affecting package containerized-data-importer for versions less than 1.62.0-5
CVE-2026-25681 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...
CVE-2026-42506 affecting package containerized-data-importer for versions less than 1.62.0-5
CVE-2026-42506 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...
CVE-2026-27136 affecting package containerized-data-importer for versions less than 1.62.0-5
CVE-2026-27136 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...
CVE-2026-39821 affecting package containerized-data-importer for versions less than 1.62.0-5
CVE-2026-39821 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...
CVE-2026-35469 affecting package containerized-data-importer for versions less than 1.62.0-4
CVE-2026-35469 affecting package containerized-data-importer for versions less than 1.62.0-4. A patched version of the package is available...
CVE-2026-32288 affecting package containerized-data-importer for versions less than 1.62.0-3
CVE-2026-32288 affecting package containerized-data-importer for versions less than 1.62.0-3. A patched version of the package is available...
Medium: cifs-utils
Issue Overview: A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentia...
CVE-2026-41268
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...
aws-mcp-server operating system command injection vulnerability
aws-mcp-server is a lightweight service developed by Alexei Ledenev. It enables AI assistants to execute AWS CLI commands through the Model Context Protocol (MCP) in a secure, containerized environment. aws-mcp-server has an operating system command injection vulnerability, which stems from...
CVE-2026-32747
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...
CVE-2026-33046
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...
CVE-2026-33046
CVE-2026-33046 affects Indico (event management system) where, in versions prior to 3.3.12, TeXLive/LaTeX sanitizer bypass via specially crafted LaTeX snippets could read local files or execute code with server user privileges when server-side LaTeX rendering is enabled (XELATEX_PATH set). If ser...
CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...