414 matches found
[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44
Log4cxx is a popular logging package written in C++. One of its distinctive features is the notion of inheritance in loggers. Using a logger hierarchy it is possible to control which log statements are output at arbitrary granularity. This helps reduce the volume of logged output and minimize the...
CVE-2026-57520
Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...
CVE-2026-57520 Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint
Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...
PT-2026-52574
Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description An issue exists where authenticated Custom users with the ManageUsers permission can escalate privileges to remove Admin accounts from an organization. This occurs due to a missing role...
CVE-2026-47197
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
EUVD-2026-36414
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
CVE-2026-47197
CVE-2026-47197 concerns the Quest Bot for Discord. Before version 1.1.6, a moderator who has the relevant Discord permission can use the bot to moderate users who are higher in the Discord role hierarchy, provided the bot itself outranks the target. This bypasses Discord’s normal role hierarchy p...
CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
PT-2026-48860
Name of the Vulnerable Software and Affected Versions Quest Bot versions prior to 1.1.6 Description A moderator possessing the necessary Discord permission bit can utilize the bot to perform moderation actions on users who are higher in the Discord role hierarchy, provided the bot itself has a...
VMware Spring for GraphQL 访问控制错误漏洞
VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0 and earlier, 1.4.0 and earlier, 1.3.0 and earlier, as well as 1.0.0 and earlier, have a access control vulnerability. This...
PT-2026-48627
Name of the Vulnerable Software and Affected Versions Spring for GraphQL versions 1.0.0 through 1.0.6 Spring for GraphQL versions 1.3.0 through 1.3.8 Spring for GraphQL versions 1.4.0 through 1.4.5 Spring for GraphQL versions 2.0.0 through 2.0.3 Description The annotation detection mechanism for...
PT-2026-45061
Name of the Vulnerable Software and Affected Versions PraisonAI Platform affected versions not specified Description The server contains multiple authorization flaws. First, a cross-tenant Insecure Direct Object Reference IDOR exists because the require workspace member dependency only validates...
Astra Linux – Vulnerability in xorg-server
A flaw was discovered in the X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can lead to a heap buffer overflow condition, which may result in an application...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: shaper: Protection against late creation of hierarchies. We retrieve the netdev during the preparation of Netlink operations before callbacks. We then take a reference to it. Later, within the body of the callback, we acquir...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: fbdev: Fixed the issue of unregistering framebuffers without a device. Framebuffers in OF do not have a underlying device in the Linux device hierarchy. Instead of hot-unplugging such non-existent devices, a regular unregister...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: UDF: Detection of system inodes linked into the directory hierarchy When the UDF filesystem is corrupted, hidden system inodes may be linked into the directory hierarchy. This can lead to further serious corruption of the...
Malicious code in @antv/hierarchy (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
1g6table (=0.1.0), 7qb (=0.0.17) +1701 more potentially affected by unknown CVE via @antv/hierarchy (>=0.1.2 <=0.7.1)
@antv/hierarchy NPM version =0.1.2, =1.1.0, =1.0.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.1.43, =5.0.48, =0.1.0, =0.5.0-alpha.0, =0.5.1-alpha.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVHIERARCHY-16755057...