Lucene search

8077 matches found

Positive Technologies
added 2026/05/19 12:00 a.m., 4 views

PT-2026-41970

Summary: When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...

7.5 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2026/05/18 1:50 p.m., 2 views

CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.2 CVSS, 5.8 AI score, 0.00079 EPSS
Exploits: 1, References: 4

Cvelist
added 2026/05/18 1:50 p.m., 27 views

CVE-2026-41948 Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.4 CVSS, 0.00079 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2026/05/18 12:00 a.m., 5 views

PT-2026-41675

Name of the Vulnerable Software and Affected Versions: Dify versions prior to 1.14.2. Description: Insufficient URL path sanitization allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API. By using unencoded dot sequences in task identifiers or...

9.2 CVSS, 5.8 AI score, 0.00079 EPSS
Exploits: 1, References: 7

CNNVD
added 2026/05/18 12:00 a.m., 4 views

dify security vulnerability

dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have security vulnerabilities. These vulnerabilities stem from path traversal issues, which may allow authenticated users to manipulate requests redirected to the plugin daemon’s internal...

9.4 CVSS, 5.8 AI score, 0.00079 EPSS
Exploits: 1, References: 1

OSV
added 2026/05/15 11:13 p.m., 3 views

CLSA-2026-1778881024 quagga: Fix of CVE-2018-5380

CVE-2018-5380: fix BGP NOTIFY debug-print msg array over-read...

4.3 CVSS, 6.8 AI score, 0.00861 EPSS
Exploits: 0, References: 1

Veracode
added 2026/05/15 6:02 p.m., 8 views

Information Exposure

Dgraph is vulnerable to Information Exposure. The vulnerability is due to exposure of process command-line arguments through the unauthenticated /debug/vars endpoint, which allows an attacker to obtain sensitive admin tokens and gain unauthorized access to admin-only endpoints...

9.8 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 1, References: 3, Affected Software: 3

Veracode
added 2026/05/15 11:02 a.m., 7 views

Authentication Bypass

Milvus is vulnerable to Authentication Bypass. The vulnerability is due to unauthenticated exposure of the management port 9091 and use of a weak predictable token for the /expr debug endpoint, allowing attackers to access REST API operations, execute arbitrary expressions, and perform unauthoriz...

9.8 CVSS, 6.1 AI score, 0.005 EPSS
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2026/05/15 3:16 a.m., 8 views

CVE-2025-0040

Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers, potentially resulting in loss of data integrity or confidentiality...

5.3 CVSS, 0.00023 EPSS
Exploits: 0, References: 2

CVE
added 2026/05/15 2:09 a.m., 6 views

CVE-2025-0040

CVE-2025-0040 describes an improper access control between JTAG and AXI that could let an attacker with physical access read or overwrite cross-chip debug (XCD) registers, potentially affecting data integrity and confidentiality. The vulnerability affects the AMD ecosystem context referenced in A...

5.3 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/05/15 2:09 a.m., 31 views

CVE-2025-0040

Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers, potentially resulting in loss of data integrity or confidentiality...

5.3 CVSS, 0.00023 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/15 2:09 a.m., 5 views

CVE-2025-0040

Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers, potentially resulting in loss of data integrity or confidentiality...

5.3 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 3

EUVD
added 2026/05/15 2:09 a.m., 7 views

EUVD-2025-209873

Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers, potentially resulting in loss of data integrity or confidentiality...

5.3 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/05/15 2:09 a.m., 5 views

CVE-2025-0040

Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers, potentially resulting in loss of data integrity or confidentiality...

5.3 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/05/15 12:00 a.m., 10 views

PT-2026-41245

Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents of cross-chip debug (XCD) registers, potentially resulting in loss of data integrity or confidentiality...

5.3 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/05/15 12:00 a.m., 5 views

AMD Processors access control error vulnerability

AMD Processors are a series of processors developed by American semiconductor company AMD. AMD Processors have a vulnerability related to access control. This vulnerability stems from improper access control mechanisms, which may allow attackers with physical access to read or overwrite the...

5.3 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2026/05/14 7:13 a.m., 6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet10.0: aspnetcore-runtime-10.0-10.0.8-1.hum1 (aarch64, x86_64), aspnetcore-runtime-dbg-10.0-10.0.8-1.hum1 (aarch64, x86_64), aspnetcore-targeting-pack-10.0-10.0.8-1.hum1 (aarch64, x86_64)...

7.5 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/05/14 12:00 a.m., 3 views

GitLab security vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Vulnerabilities exist in versions of GitLab CE/EE 16.7 to 18.9.7, 18.10...

4.3 CVSS, 5.9 AI score, 0.00021 EPSS
Exploits: 0, References: 1

NVD
added 2026/05/13 7:17 p.m., 4 views

CVE-2026-33584

Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthorized access to sensitive debug information such as metrics and health data. This issue affects Symmetric Key Agreement Platform: before 26.03...

5.3 CVSS, 0.00014 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/13 6:30 p.m., 5 views

CVE-2026-33584

Summary: CVE-2026-33584 affects the Arqit Symmetric Key Agreement Platform, where the Keycloak management service is exposed, allowing unauthorized access to sensitive debug information (metrics and health data) for versions before 26.03. The CVSS 3.1 base score is 5.3 (MEDIUM) with network attac...

5.3 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 1