73 matches found
PT-2026-56245
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...
PT-2026-56252
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description An authenticated user capable of creating or modifying chart definitions, or submitting chart data requests containing quota filters, can inject SQL into queries executed against configured...
PT-2026-52313
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter module where the nft exthdr init function passes a user-controlled priv-len variable to nft parse register store, which marks a specific number of bytes ...
CVE-2026-40904
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
CVE-2026-44573
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
GHSA-3G8H-86W9-WVMQ Next.js's Middleware / Proxy redirects can be cache-poisoned
Impact Next.js uses the x-nextjs-data request header for internal data requests. On affected versions, an external client could send this header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the request as a data...
CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
EUVD-2026-26411
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
CVE-2026-40904
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
PT-2026-36164
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
CVE-2026-34121
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...
Here’s What a Google Subpoena Response Looks Like, Courtesy of the Epstein Files
The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data...
FastGPT 跨站请求伪造漏洞
FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.7 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the fact that the web scraping node and HTTP nodes...
CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000909)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000909 advisory. Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002399)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002399 advisory. Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat...
CVE-2025-8075
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...
CVE-2025-11230 Denial of service vulnerability in HAProxy mjson library
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests...
CVE-2025-47711
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error,...
Unbounded Disk Consumption
github.com/t2bot/matrix-media-repo is vulnerable to Unbounded Disk Consumption. The vulnerability is MMR's lack of proper rate limiting and controls on the amount of data that can be requested and cached, allowing unauthenticated users to request excessive amounts of remote media files...