689 matches found
Apache Apisix 安全漏洞
Apache APISIX is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...
CVE-2026-27949
Affected software: Plane (open‑source project management tool). Vulnerability: Before v1.3.0, the authentication flow exposed the user’s email address as a query parameter in the URL during error handling (e.g., invalid magic code submissions), revealing PII via GET queries. Location of root caus...
Code-Projects Online FIR System 安全漏洞
Code-Projects Online FIR System is an open-source online FIR system developed by Code-Projects. Version 1.0 of the code-projects Online FIR System contains a security vulnerability. This vulnerability stems from the unsafe storage of the/complaints.sql file in the SQL database backup processing...
CVE-2026-3774
Foxit PDF Editor/Reader (pre-2026.1) is affected by CVE-2026-3774 due to PDF JavaScript and document/print actions (WillPrint/DidPrint) updating form fields, annotations, or OCGs around redaction, encryption, or printing. The script-driven updates are not fully covered by the existing redaction/e...
PT-2026-29434
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
GHSA-JJP7-G2JW-WH3J Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
Summary Any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files a...
CVE-2026-20633
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...
CVE-2026-28824
CVE-2026-28824 is an Apple macOS vulnerability described as an authorization issue addressed by improved state management. The CVE affects macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, with the impact that an app may be able to access sensitive user data. The primary technical ...
CVE-2026-20694
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...
EUVD-2026-15068
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...
DarkSword iPhone Exploit Leaked Online, Hundreds of Millions at Risk
DarkSword exploit leak puts up to 270 million iPhones at risk, with hackers able to access data through…...
CKAN MCP Server 代码问题漏洞
CKAN MCP Server is an open-source tool developed by onData, designed for natural language queries between AI assistants and open data platforms. Versions of CKAN MCP Server prior to 0.4.85 contained code vulnerabilities. These vulnerabilities stemmed from insufficient validation of the baseurl...
CVE-2025-71257
BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...
CVE-2026-28500
CVE-2026-28500 affects ONNX up to v1.20.1 where onnx.hub.load() bypasses security checks due to flawed repository trust logic. The silent=True flag silences warnings and prompts, enabling a vector for zero-interaction supply-chain attacks. When combined with filesystem vulnerabilities, an attacke...
CVE-2026-30859
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...
PT-2026-23630
Name of the Vulnerable Software and Affected Versions TinyWeb versions prior to 2.04 Description TinyWeb, a web server for Win32, is susceptible to a header value confusion issue due to insufficient sanitization of control characters CR, LF, and NUL, including encoded forms like %0d, %0a, and %00...
IBM MQ Appliance 加密问题漏洞
IBM MQ Appliance is an IBM software that is pre-installed on specialized, secure hardware. Versions of IBM MQ Appliance 9.4 CD 9.4.4.1 and earlier have a security vulnerability due to the use of encryption algorithms that are weaker than expected. This vulnerability may allow attackers to decrypt...
CVE-2026-28216 hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...
CVE-2025-62878
The CVE-2025-62878 exposure is a path traversal flaw in the Local Path Provisioner (rancher.io/local-path) via the parameters.pathPattern in StorageClass. A malicious user can craft pathPattern (using relative segments like ../) to cause PersistentVolumes to target arbitrary host paths, e.g., ove...
CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php
WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...