3 matches found
CVE-2026-27839
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...
CVE-2026-24473 Hono has an Arbitrary Key Read in Serve static Middleware (Cloudflare Workers Adapter)
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arbitrary keys from the Workers environment...
Vulnerabilities in the Android operating system that allow a hacker to execute arbitrary code and read arbitrary keys from the Keystore.
The multiple vulnerabilities of the Android operating system’s Keystore component are related to buffer overflows in dynamic memory, caused by integer overflows. Exploitation of these vulnerabilities allows a remote attacker to execute arbitrary code and read arbitrary Keystore keys using a...