8107 matches found
CVE-2026-40035
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
CVE-2026-40035
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
CVE-2026-40035 Unfurl - Werkzeug Debugger Exposure via String Config Parsing
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
CVE-2026-40035
CVE-2026-40035 affects the Unfurl package (dfir-unfurl) used in Unfurl through 2025.08. The flaw is an improper input validation in config parsing that reads the debug value as a string and passes it to app.run(), causing any non-empty value to evaluate to true and exposing the Werkzeug debugger....
CVE-2026-40035 Unfurl - Werkzeug Debugger Exposure via String Config Parsing
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...
EUVD-2026-20528
Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...
CVE-2026-4498
Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...
CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope
Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...
CVE-2026-4498
Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...
CVE-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope
Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse CAPEC-122. This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...
CVE-2026-4498
CVE-2026-4498 concerns Kibana, specifically the Fleet plugin, where execution with unnecessary privileges arises from Kibana’s Fleet debug route handlers. An authenticated Kibana user with Fleet sub-feature privileges (e.g., agents, agent policies, settings management) can read index data beyond ...
Kibana 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-21)
Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope Execution with Unnecessary Privileges CWE-250 in Kibana’s Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via...
Security Bulletin: Log Injection Vulnerability in orydolphin/flask-cors (Debug Logging) affects watsonx.data
Summary A vulnerability in orydolphin/flask-cors allows attackers to inject malicious log entries when debug logging is enabled. By sending specially crafted requests containing CRLF sequences, an attacker can corrupt or forge log entries, potentially obscuring other attacks or disrupting log...
OpenClaw Authorization Problem Vulnerability (CNVD-2026-16622)
OpenClaw is a command line tool for rights management. An improper access control vulnerability exists in OpenClaw versions prior to 2026.3.12, which stems from a lack of owner-level permission checking in the /config and /debug command handlers. An attacker can use this vulnerability to read or...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006693)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006693 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006803)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006803 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...
PT-2026-31335
Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Kibana’s Fleet plugin debug route handlers exhibit execution with unnecessary privileges, potentially allowing authenticated users with Fleet sub-feature privileges to read index data beyond...
Unfurl 安全漏洞
Unfurl is a URL data extraction and visualization analysis tool developed by Ryan Benson. Versions of Unfurl prior to 2025.08 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in configuration parsing. By default, Flask debug mode was enabled, which...
PT-2026-31470
Name of the Vulnerable Software and Affected Versions Unfurl versions through 2025.08 Description Unfurl through 2025.08 has an improper input validation issue in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006750)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006750 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list...