CVE-2026-54324

CVE-2026-54324 affects Daytona API service (NestJS) used in Daytona’s notification WebSocket gateway. The cross-tenant flaw allowed any authenticated user to join another organization’s realtime channel by binding a client-supplied organization ID to the corresponding room without verifying membe...

CVE-2026-53923

vLLM is an inference and serving engine for large language models LLMs. From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via...

Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape

Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...

GHSA-FJV8-J4P5-CR9M Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape

Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...

OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints

Affects - Nova: =18.0.0 =32.0.0 =33.0.0 33.0.2 Description Erichen from the Institute of Computing Technology, Chinese Academy of Sciences reported that Nova's server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling...

EUVD-2026-36461

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

EUVD-2026-36031

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the sourceid claim within these tokens against the requested source ID. This oversight allows an...

CVE-2026-53473

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

EUVD-2026-36029

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

Migration Planner UI 跨站脚本漏洞

The Migration Planner UI is an open-source migration planning front-end tool developed by KubeV2V. The Migration Planner UI has a cross-site scripting vulnerability. This vulnerability arises from the ability of attackers to register malicious discovery agents containing JavaScript code. When an...

PT-2026-48446

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

GHSA-QM33-P5P9-F8VG nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator

internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...

PT-2026-47578

internal/api/audit.go:12 — handleGetAuditLog does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via store.ListAuditEntries up to limit=1000. This includes cross-tenant actor names, host/CA/operator IDs, action timestamps, and masked-IP entrie...

PT-2026-47623

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.1 Description The handleGetAuditLog function in internal/api/audit.go fails to perform an administrative privilege check. While the endpoint is protected by bearer authentication, any valid operator API key...

PT-2026-46897

Name of the Vulnerable Software and Affected Versions OpenMeter affected versions not specified Description An authenticated tenant can perform SQL injection through the valueProperty or groupBy fields of the 'POST /api/v1/meters' endpoint. The issue occurs because the application uses string...

EUVD-2026-33445

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

CVE-2026-9831

The CVE-2026-9831 entry describes a race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path. Under high-concurrency traffic, requests authenticated with an Extreme Platform ONE /IAM API key could intermittently return data for a different tenant, indicating cross...

CVE-2026-45296

OpenReplay before 1.26.0 exposes cross-tenant risks via the Python API app_apikey routes that trust a caller-provided projectKey after validating only the API key and existence of the projectKey. The authorization flow fails to bind the authenticated API key to the correct tenant, enabling an att...

CVE-2026-9152 Unauthenticated SOAP Endpoint in Altium 365 SearchService Allows Cross-Tenant Data Exfiltration and Index Destruction

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...