36151 matches found
MINI-MWVX-WP34-M2RR
Bulletin has no description...
CVE-2026-43890
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...
CVE-2026-43900 DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`)
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...
CVE-2026-43889
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...
CVE-2026-43889 Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...
CVE-2026-43889
Outline is vulnerable prior to 1.7.0 due to the shares.create API accepting both collectionId and documentId and, when published=false, skipping the share-permission check. A subsequent shares.update permits publication using an OR policy (can share collection OR can share document), allowing an ...
CVE-2026-43889 Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...
EUVD-2026-29334
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...
CVE-2026-43890
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...
MINI-QQMH-W2F9-CGH2
Bulletin has no description...
MINI-35WF-F2WQ-Q2H5
Bulletin has no description...
MINI-2WP2-J2CX-MCCX
Bulletin has no description...
MINI-XV7F-HC5M-WW72
Bulletin has no description...
MINI-7W6H-63QF-6FWF
Bulletin has no description...
MINI-G2RP-FCH9-G6CG
Bulletin has no description...
MINI-QCC6-H659-QHMF
Bulletin has no description...
MINI-FFQC-89JC-QJXH
Bulletin has no description...
MINI-WQ8M-FP33-6WRQ
Bulletin has no description...
MINI-93H8-49MH-758Q
Bulletin has no description...
MINI-6258-82J5-62R6
Bulletin has no description...