Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the CreateNewDAG API endpoint when the DAG name is not properly validated before being passed to the file store. An attacker can write arbitrary YAML files outside the intended directory, potentially overwriting...

PT-2026-21879

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1 ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51 Description A path traversal issue exists in the FTP Backup feature of ASUSTOR ADM. The software does not adequately sanitize filenames received from a...

PT-2026-21952

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description An issue in the API of Cisco Catalyst SD-WAN Manager, specifically within the Data Collection Agent DCA service, results from improper file handling and the incorrect us...

Cisco Catalyst SD-WAN Manager 安全漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager, which stems from improper handling ...

PT-2026-21897

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

USN-8052-2: Linux kernel (Xilinx) vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

GHSA-3M2G-V7JF-7FXC Apache Superset Improper Authorization allows low-privileged users to bypass access controls

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

Apache Superset Improper Authorization allows low-privileged users to bypass access controls

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

Incorrect Authorization

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Incorrect Authorization during the dataset creation process. An attacker can gain unauthorized access to restricted data by overwriting the SQL query o...

CVE-2026-23982

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

CVE-2026-23982

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

CVE-2026-23982

CVE-2026-23982 describes an Improper Authorization in Apache Superset where a low-privilege user can bypass data access controls during dataset creation by overwriting the SQL query of an existing dataset. Affected: Apache Superset

EUVD-2026-8476

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to...

PT-2026-21680

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 6.0.0 Description An improper authorization issue exists in Apache Superset that allows a low-privileged user to bypass data access controls. Specifically, an authenticated attacker with permissions to write...

CVE-2026-26359

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

CVE-2025-13603

The WP AUDIO GALLERY plugin for WordPress is vulnerable to Unauthorized Arbitrary File Read in all versions up to, and including, 2.0. This is due to insufficient capability checks and lack of nonce verification on the "wpaghtaccesscallback" function This makes it possible for authenticated...

CVE-2026-1355

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload endpoint. By supplying the migration...

GHSA-97RM-XJ73-33JH eBay API MCP Server Affected by Environment Variable Injection

The ebaysetusertokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration fil...

USN-8028-7 linux-nvidia-lowlatency vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

USN-8031-3: Linux kernel vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...