7 matches found
Roxy-WI 安全漏洞
Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the PUT /smon/check endpoint, which only verifies that the caller belongs to a certain group...
Plane 安全漏洞
Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.3.1 contained a security vulnerability. This vulnerability stemmed from an oversight in asset authorization across workpaces, allowing any authenticated user to read, copy, delet...
CVE-2026-40591
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...
CVE-2026-23810 Cross-BSSID GTK Re-encryption and Traffic Injection
A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point AP to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key GTK associated with the victim's BSSID...
CVE-2026-23810
CVE-2026-23810 describes a vulnerability in wireless packet processing where an authenticated attacker can craft a malicious Wi‑Fi frame that leads an AP to treat it as group-addressed traffic and re-encrypt using the GTK tied to the victim’s BSSID. This enables GTK‑independent traffic injection ...
GHSA-4XX9-VC8V-87HV Gitea does not properly validate repository ownership when linking attachments to releases
Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users...
PYSEC-2023-200
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources such as tasks from that collaboration should be deleted. This is partly to manage data properly, but also to prevent a potential but unlikely side-effect that affects versions...