CVE-2026-41317

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service SaaS.press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit...

CVE-2026-2606

Summary of CVE-2026-2606 (IBM webMethods API Management & Gateway on‑prem): The vulnerability arises from improper validation of user-supplied input in the url parameter of the /createapi endpoint. An attacker can modify the parameter to use a file:// URI schema instead of https://, enabling unau...

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. A security bypass vulnerability exists in Apache Airflow, which is...

Enjin: Race Condition on Create API Function

Race Condition on Create API Function A race condition was discovered that allowed users to submit multiple requests within rapid succession to create additional keys beyond the defined limit on the Enjin Platform Cloud service...

CVE-2020-8183

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...