2 matches found
CVE-2026-56329 Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding
Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...
[SECURITY] [DLA 70-1] tryton-server security update
Package : tryton-server Version : 1.6.1-2+squeeze2 CVE ID : CVE-2014-6633 duesenfranz discovered, that safeeval in trytond could be used to execute arbitrary commands, mainly via the webdav interface. The patches applied do not allow double underscores in safeeval and avoid double evaluation from...