294 matches found
EUVD-2026-41429
LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...
EUVD-2026-40299
A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...
CVE-2026-50221
A flaw was found in OpenStack Swift's proxy-server. Internal container update routing headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device are not stripped from client requests before being forwarded to object-servers. An authenticated user with write access can inje...
CVE-2026-56269 Flowise - Weak Default Token Hash Secret in JWT Token Encryption
Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...
EUVD-2026-38696
The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to disclose the metadata of any other user, including roles, session token previews and stored billing/shipping fields. This affects the premium co...
CVE-2026-12891 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser
A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...
CVE-2026-50221
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...
EUVD-2026-38537
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...
PT-2026-51449
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description An issue exists where webhooks follow redirects, allowing access to hostnames within localCIDRs Internet Protocol address ranges used for local networks. This leads to Server Side Request Forgery SSRF,...
EUVD-2026-38164
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...
CVE-2026-49288
Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources...
PT-2026-51005
Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.23 Statamic versions prior to 6.20.0 Description An authenticated Control Panel user can view metadata and content for resources they lack permission to access. This includes entries, assets, users, roles, group...
CVE-2026-48764 TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass
TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...
CVE-2026-47352
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...
Malicious code in ipy-rev-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...
CVE-2026-47352
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...
CVE-2026-47352
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-47352 for affected TYPO3 versions and remediation.
PT-2026-47431
Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.4.0 Devolutions Server versions prior to 2026.1.20.0 Description Missing authorization in the deleted user groups API allows an authenticated low-privileged user to enumerate metadata of deleted user groups by...
CVE-2026-24761
Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...
CVE-2026-44719
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a databaseid without verifying that the requesting user was a collaborator on that...