111 matches found
CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, shared instances with multiple authenticated users are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full...
CVE-2026-5545
libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...
PT-2026-35892
Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified). Description: A logical error in the connection pooling mechanism allows libcurl to reuse an incorrect connection during authenticated HTTPS requests to the same host. If an application first performs a...
CVE-2025-71280 XenForo Local Account Page Caching Information Disclosure
XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where multiple users share a browser or machine, cached account pages could expose sensitive user information to other local users...
CVE-2026-1965
CVE-2026-1965 concerns a vulnerability in libcurl where, under Negotiate authentication, a live connection could be reused for a different user’s credentials. The issue arises because Negotiate sometimes authenticates connections rather than individual requests, allowing a second request to reuse...
USN-5376-4: Git regression
USN-5376-1 fixed a vulnerability in Git. It was discovered that the safety checks introduced in the update were not able to be set using the command line, contrary to expectations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Gi...
CVE-2025-43506
A logic error was addressed with improved error handling. This issue is fixed in macOS Tahoe 26.1. iCloud Private Relay may not activate when more than one user is logged in at the same time...
CVE-2025-43506
Summary (CVE-2025-43506) A logic error affecting macOS Tahoe 26.1 related to iCloud Private Relay activation when multiple user accounts are logged in. The issue was resolved in macOS Tahoe 26.1 with improved error handling. The Red Hat and NVD entries corroborate the same vulnerability descripti...
EUVD-2025-203139
A logic error was addressed with improved error handling. This issue is fixed in macOS Tahoe 26.1. iCloud Private Relay may not activate when more than one user is logged in at the same time...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Tahoe versions prior to 26.1, which stems from a mishandled error that could cause iCloud Private Relay to fail to activate when...
CVE-2025-41116
When using the Grafana Databricks Datasource Plugin, if OAuth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is...
CVE-2025-3717
When using the Grafana Snowflake Datasource Plugin, if OAuth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is...
CVE-2025-41116 Incorrect OAuth passthrough in Grafana Databricks Datasource
When using the Grafana Databricks Datasource Plugin, if OAuth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is...
CVE-2025-3717 Incorrect OAuth passthrough in Grafana Snowflake Datasource
When using the Grafana Snowflake Datasource Plugin, if OAuth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is...
PT-2025-46531
Name of the Vulnerable Software and Affected Versions: Grafana Snowflake Datasource Plugin versions 1.5.0 through 1.14.0. Description: The Grafana Snowflake Datasource Plugin contains a flaw where, with OAuth passthrough enabled, concurrent use by multiple users on a single Grafana instance can lead...