CVE-2026-44939

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...

CVE-2026-44939

An input validation flaw in Rancher Manager's import endpoint (/v3/import/{token}_{clusterId}.yaml) allows command injection via unsanitized YAML parameters in versions prior to 2.14.2. Impact: remote attackers could break out of the container image and execute arbitrary code inside containers. R...

CVE-2026-44939 Command injection through unsanitized YAML parameter in Rancher

A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers...

📄 phpVMS 7.0.5 Unauthenticated Import Endpoint Bypass

Proof of concept targeting phpVMS versions 7.0.5 and below. It scans multiple importer-related endpoints, attempts POST-based actions that simulate or trigger destructive operations such as import, delete, and database wipe behaviors, and classifies a target as vulnerable based on HTTP responses...

CVE-2026-11577

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/realm/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions FGAP and escalate their privileges to a full realm administrator by importin...

PT-2026-47283

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An improper access control flaw exists where a limited administrator can bypass Fine-Grained Admin Permissions FGAP, which are detailed permissions that restrict administrative actions to...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from improper access control in the POST /admin/realms/realm/partialImport endpoint, which may allow limited administrators to bypass...

CVE-2026-44562

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

CVE-2026-44562

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

CVE-2026-44562

Open WebUI vulnerability CVE-2026-44562 affects the model import flow. Before version 0.9.0, POST /api/v1/models/import allowed users with workspace.models_import to overwrite any existing model without ownership checks, merging the attacker payload into the target model when IDs match, and bypas...

Hermes Web UI 路径遍历漏洞

Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Versions of Hermes Web UI prior to 0.51.44 contained a path traversal vulnerability. This vulnerability stemmed from path traversal within the session import endpoint, which could allow authentication attacke...

CVE-2026-43638 Bitwarden Server < 2026.4.1 Missing Authorization via Organization Cipher Import

Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, which causes the server-side permission check to be...

PT-2026-39662

Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, which causes the server-side permission check to be...

GHSA-9VVH-QMJX-P4Q8 Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining

Base Model Routing Bypasses Access Control via Model Chaining Affected Component Model chaining via basemodelid: - backend/openwebui/routers/models.py lines 170-214, createnewmodel - backend/openwebui/routers/models.py lines 254-308, importmodels - backend/openwebui/main.py lines 1696-1711, base...

CVE-2026-40882

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...

CVE-2026-33740

EspoCRM

EspoCRM 安全漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. EspoCRM versions 9.3.3 and earlier contained security vulnerabilities. These vulnerabilities...

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the Size field in JSON metadata at the file import endpoint for size checks, rather than the actual...

CVE-2026-5623

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...

EUVD-2026-19174

A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit is publicly availabl...