CVE-2026-41975

Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity...

GHSA-GV23-XRM3-8C62 PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API

Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and delete resources in any...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from a problem with the Views component that allowed for the reuse of resources after they were released. This could...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of ANGLE components after their release, which could allow remote attackers to exploit the vulnerabili...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in the network, which could allow remote attackers to execute...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability, which stemmed from a reuse issue in PDFium. This vulnerability could allow remote attackers to exploit heap corruption through specially crafted...

IBM Langflow 资源管理错误漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.9.0 of IBM Langflow contain resource management vulnerabilities. These vulnerabilities stem from uncontrolled resource consumption, which ma...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of Aura components after their release, potentially allowing remote attackers to exploit users by...

OpenTelemetry Collector Contrib 信任管理问题漏洞

OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed by OpenTelemetry - CNCF. Versions of OpenTelemetry Collector Contrib prior to 1.1.0 contained a trust management vulnerability. This vulnerability stemmed from the lack of validation of HTTPS/TL...

epa4all-client 信任管理问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to 1.2.1 contained a trust management vulnerability. This vulnerability stemmed from the ECDSA signature verification in SignedPublicKeysTrustValidatorImpl.isTrusted, where the...

Ivanti Secure Access Client 信任管理问题漏洞

Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Versions of Ivanti Secure Access Client prior to 22.8R6 contained a vulnerability related to trust management. This vulnerability stemmed from improper certificate verification, which could allow...

Dell PowerFlex Manager 信任管理问题漏洞

Dell PowerFlex Manager is a management tool developed by Dell, Inc. Versions of Dell PowerFlex Manager prior to 4.6.2 contained a trust management vulnerability. This vulnerability stemmed from improper certificate verification, which could allow unauthenticated attackers with access to adjacent...

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability stems from the function concrete/controllers/backend/file addFavoriteFolder$id, which is vulnerable to cross-sit...

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the hardcoding of a Google Maps API key in the settings.inc.php file. This...

Astra Linux - уязвимость в net-snmp

The handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP versions 5.8 through 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...

MISP 资源管理错误漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a resource management...

Taiko AG1000-01A SMS Alert Gateway 信任管理问题漏洞

The Taiko AG1000-01A SMS Alert Gateway is an industrial communication gateway device developed by Taiko Company in Singapore. It supports SMS-based alert notifications and remote event messaging. Both the Rev 7.3 and Rev 8 versions of the Taiko AG1000-01A SMS Alert Gateway contain vulnerabilities...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.179, there was a resource management vulnerability that stemmed from the reuse of XR objects after their release. This vulnerability could allow remote attackers to execute arbitrary code through a specially...

Sensorweb ScadaBR 信任管理问题漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version ScadaBR 1.2.0 contains a vulnerability related to trust management. This vulnerability arises from the use of hard-coded credentials,...

Cisco Catalyst SD-WAN Manager（Cisco SD-WAN vManage） 安全漏洞

Cisco Catalyst SD-WAN Manager Cisco SD-WAN vManage is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN...