52 matches found
CVE-2026-49872
Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...
CVE-2026-49872
Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...
CVE-2026-49872
The CVE-2026-49872 entry concerns Apache APISIX and its cas-auth plugin. Affected versions are 3.0.0 through 3.16.0; the issue is an improper authentication flaw where, when cas-auth is used on a route, an attacker may authenticate using credentials from a different source. The public documentati...
EUVD-2026-38015
Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...
PT-2026-50899
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.0.0 through 3.16.0 Description Improper Authentication occurs when the cas-auth plugin is used in a route, potentially allowing an attacker to authenticate using credentials from a different source. Recommendations...
PT-2026-50886
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.14.1 through 3.16.0 Description An incorrect authorization issue exists in the authz-casdoor plugin when using the default configuration. This allows an attacker to authenticate using credentials from a different sourc...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...
CodexBar 安全漏洞
CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.33.0 contained security vulnerabilities. These vulnerabilities stemmed from credential forwarding, which could allow network adjacent attackers to intercept sensitive...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper implementation of WebRTC. This vulnerability could allow remote attackers to leak cross-source data through specially crafted HTML pages...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper SVG implementation. A remote attacker could exploit this vulnerability to leak cross-source data through specially crafted HTML...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper handling of Media objects. A remote attacker could exploit this vulnerability to leak cross-source data through specially craft...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability originated from improper implementations in WebRTC, and it could allow attackers from privileged network locations to leak...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from the improper initialization of ANGLE, which could allow remote attackers to exploit the vulnerability through specially...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of extensions. A remote attacker could exploit this vulnerability to leak cross-source data through specially...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient trust-based input validation in the Skia component, which could allow remote attackers with access...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from an issue with the ANGLE component where uninitialized variables were used, which could allow remote attackers to exploit the...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from the incomplete initialization of the Dawn component, which could allow remote attackers to exploit the vulnerability through...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper Media implementation. This vulnerability could allow remote attackers to leak cross-source data through specially crafted HTML pages...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from improper implementations in the DevTools component, which could allow attackers to trick users into installing...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of the Media component. Remote attackers could exploit this vulnerability to leak cross-source data through...