CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

Apache Polaris 输入验证错误漏洞

Apache Polaris is a data management and query service component of the Apache Foundation. Version 1.4.0 of Apache Polaris contains a vulnerability related to input validation. This vulnerability arises from the lack of escaping of namespace or table identifiers when constructing Google Cloud...

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok

In xmlparse.c within Expat also known as libexpat, prior to version 2.4.5, attackers could insert namespace-separator characters into namespace URIs...

BIT-GITLAB-2025-13772 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API...

CVE-2025-13772

A flaw was found in GitLab. An authenticated user could exploit this vulnerability by manipulating namespace identifiers in API requests. This could allow them to access and utilize AI model settings from unauthorized namespaces, leading to information disclosure and potential misuse of AI...

GitLab Enterprise Edition（EE） 安全漏洞

GitLab Enterprise Edition EE is a content management system from the U.S.-based GitLab, Inc. A security vulnerability exists in GitLab Enterprise Edition EE versions prior to 18.5.5, prior to 18.6.3, and prior to 18.7.1, which stems from manipulating namespace identifiers in API requests, and cou...

PT-2026-1714

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.4 through 18.5.4 GitLab EE versions 18.6 through 18.6.2 GitLab EE versions 18.7 through 18.7.0 Description An authenticated user could potentially access and utilize AI model settings from unauthorized namespaces. This...

JLSEC-2025-53 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator chara...

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

OESA-2022-1554 expat security update

An XML parser library. Security Fixes: xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.CVE-2022-25235 xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert...

AZL-8604 CVE-2022-25236 affecting package expat for versions less than 2.4.8-1

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

UBUNTU-CVE-2022-25236

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...