18368 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /SyncPlay/New endpoint. An attacker can exhaust system memory and disrupt service availability by submitting excessively large SyncPlay group names in POST requests to the...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /Videos/itemId/Subtitles endpoint due to insufficient validation of the Format field, which allows path traversal via the file extension and enables arbitrary file write. An attacker can...
Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access
Summary A Server-Side Request Forgery SSRF vulnerability in Kyverno's CEL HTTP library pkg/cel/libs/http/ allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests from the Kyverno admission controller. This enables unauthorized access to internal services in...
CVE-2026-40109
Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...
EUVD-2026-22505
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
EUVD-2026-22445
Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php
A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...
EUVD-2026-22301
A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...
Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php
A Broken Object-Level Authorization BOLA in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...
EUVD-2026-22300
A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...
GHSA-RM5F-3C25-P4CW Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php
A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-32076
CVE-2026-32076 describes an out-of-bounds read in the Windows Storage Spaces Controller that enables an authorized local attacker to elevate privileges. The vulnerability is tied to the Storage Spaces Controller component and is documented across multiple sources (NVD/NVD-affiliated listings, Red...
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-27907
CVE-2026-27907 is a Windows Storage Spaces Controller elevation-of-privilege vulnerability caused by an integer underflow. Exploitation would require local access with low privileges. Publicly available sources confirm the issue and that Microsoft released fixes (e.g., KB5082060 for Windows Serve...
Authorization Bypass Through User-Controlled Key
Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in...
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
...