CVE-2026-56222 Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings

Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...

CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

EUVD-2026-33413

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

EUVD-2026-32970

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via projectid case mismatch. ProjectAuthorizer.call OSS api/auth/authproject.py:14-38 and EE ee/api/auth/authproject.py:14-46 only runs...

CVE-2026-42207

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, MageProductAlertAddController::stockAction reads the uenc query parameter and passes...

GHSA-FG3J-5W9G-HMG7 authd: Primary group ID is incorrectly set to value of UID

authd 0.6.0 contains a bug which can lead to an incorrect primary group ID. It affects users whose primary group ID i.e. the GID in the user record differs from their UID. There are two ways which can lead to this: 1. The user was created with authd &2 continue fi if "$OLDGID"...

CVE-2026-43047

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious or clumsy device to respond to a specific report's feature request using a completely different report ID. This can cause confusio...

PT-2026-36464

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the HID multitouch component where a device can respond to a feature request using a report ID that differs from the one requested. This discrepancy can lead to confusio...

EUVD-2026-14927

Vikunja has a Link Share Delete IDOR — Missing Project Ownership Check Allows Cross-Project Link Share Deletion...

CVE-2026-25564

WeKan versions prior to 8.19 contain an insecure direct object reference IDOR in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tampering by manipulating identifiers...

PT-2026-6924

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description The software contains an authorization weakness in the attachment upload API. The API does not fully validate identifiers such as boardId, cardId, swimlaneId, and listId to ensure they correctly relate ...

CVE-2025-14802

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/fileid REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the...

EUVD-2025-27985

Malicious code in bioql PyPI...

CVE-2020-5230

Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directorie...

PT-2023-18301 · Qualcomm · Snapdragon +40

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves memory corruption in video when calling APIs with a different instance ID than the one received during initialization. Recommendations: At the moment, there is no...

Qualcomm Chipsets 代码问题漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption issue that occurs when the API for calling the instance ID differs from the instance ID received in initialization...

Bad local IPv6 connection reuse

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take the IPv6 address zone id into account which could lead to libcurl reusing the wrong connection...

undertow: Client can use bogus uri in Digest authentication

It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. This allows the attacker to execute a MITM attack and access the desired content on the server...

The vulnerability of the disable_priv_mode command in the GNU Bash shell, related to improper checking of deleted privileges, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the disableprivmode command in the GNU Bash shell relates to a privilege reset error. This occurs when the command is executed with a valid UID, but the UID does not match its actual value. Exploiting this vulnerability can allow an attacker to access confidential data,...

Unsafe Identifiers

opencast-common is using unsafe identifier. The package allows the use of arbitrary identifiers for media packages and file systems, causing the identifier mismatch as an identifier may unintentionally be changed. When the identifiers are used for file system operations, an attacker can make use ...