4 matches found
CVE-2026-29179 October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations
October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...
EUVD-2026-11212
An edge case in the SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...
BytesUtils.substring accepts out of bound offset input
Lines of code Vulnerability details Impact The BytesUtils.substring function accepts out of bound offset value and returns a valid response without reverting. function substring(bytes memory self, uint256 offset, uint256 len) internal pure returns (bytes memory) { require(offset + len <= self.length);...
findNewOwner edgecase
Handle gpersoon Vulnerability details Impact In the function findNewOwner of RCOrderbook, a loop is done which included the check loopCounter < maxDeletions. Afterwards a check is done for "loopCounter != maxDeletions" to determine if the processing is finished. If loopCounter == maxDeletions then...