
10830 matches found

EUVD
added 2 hours ago, 3 views

EUVD-2026-38744

Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app workflow and creating split-brain ownership. Attackers can directly update apps.owner_org while leaving app_versions.owner_org unchanged, enabling old-org keys to retain access to versio...

CVSS 7.1, AI score 5.9
Exploits 0, References 2
Nuclei
added 11 hours ago, 26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

CVSS 5.4, AI score 5.9, EPSS 0.01331
Exploits 1, References 2
Nuclei
added 11 hours ago, 21 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

CVSS 4.8, AI score 6.1, EPSS 0.03331
Exploits 6, References 5
Nuclei
added 11 hours ago, 100 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 9.8, AI score 7.7, EPSS 0.71725
Exploits 1, References 5
EUVD
added yesterday, 5 views

EUVD-2026-38563

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

CVSS 7.7, AI score 6.3, EPSS 0.00028
Exploits 0, References 1
Cvelist
added yesterday, 20 views

CVE-2026-54322 Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

CVSS 7.7, EPSS 0.00028
Exploits 0, References 1
CVE
added yesterday, 10 views

CVE-2026-54322

The CVE-2026-54322 issue affects Daytona prior to 0.185.0, where organization role update/delete endpoints granted access based on the caller’s ownership of an org but validated the target role only by its identifier, not by org ownership. This cross-org IDOR lets an authenticated user who owns a...

CVSS 7.7, AI score 6.3, EPSS 0.00028
Exploits 0, References 1
EUVD
added 3 days ago, 5 views

EUVD-2026-38166

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks (no validation of auth.uid(), org membership, or check_min_rights). Becaus...

CVSS 7.6, AI score 6, EPSS 0.00199
Exploits 0, References 2
AstraLinux
added 5 days ago, 1 view

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pinmux: The race condition that resulted in mux_owner being NULL with an active mux_usecount has been fixed. The commit 5a3e85c3c397 "pinmux: Use sequential access to access desc->pinmux data" attempted to address this issue by...

CVSS 4.7, AI score 5.7, EPSS 0.00104
Exploits 0, References 2
AstraLinux
added 5 days ago, 9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevented RCU stalls in kasan_release_vmalloc_node. When CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

CVSS 5.5, AI score 5.8, EPSS 0.00122
Exploits 0, References 1
AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xfs: fixed a use-after-free (UAF) in xchk_btree_check_block_owner. We cannot dereference bs->cur when trying to determine whether bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. This issue was fixed by introducing a...

CVSS 7.8, AI score 5.2, EPSS 0.0012
Exploits 0, References 1
AstraLinux
added 5 days ago, 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: Don't spin in add_stack_record when gfp flags don't allow. The syzbot tool was able to identify the following functions: add_stack_record_to_list in mm/page_owner.c:182 (inline), inc_stack_record_count in mm/page_owner.c:214 (inline)...

AI score 5.2, EPSS 0.00158
Exploits 0, References 1
NVD
added 6 days ago, 11 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor_assets_variables. This makes it possible for authenticated attackers, with contributor-level access and abov...

CVSS 4.3, EPSS 0.00243
Exploits 0, References 8
CVE
added 6 days ago, 18 views

CVE-2026-11357

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress (versions up to and including 3.7.5) contains a Sensitive Information Exposure flaw in editor_assets_variables. Authenticated attackers with contributor-level access can extract license key, license owner email, a...

CVSS 4.3, AI score 5.3, EPSS 0.00243
Exploits 0, References 8
Cvelist
added 6 days ago, 24 views

CVE-2026-11357 Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editor_assets_variables. This makes it possible for authenticated attackers, with contributor-level access and abov...

CVSS 4.3, EPSS 0.00243
Exploits 0, References 8
Github Security Blog
added 2026/06/17 2:08 p.m., 10 views

NocoDB: Server-Side Request Forgery via Base Migration URL

Summary: The base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. Details: The migrate endpoint is restricted to the workspace owner...

CVSS 5.1, AI score 5.3, EPSS 0.00017
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/06/17 12:00 a.m., 12 views

PT-2026-50476

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.05.1. Description: The 'base-migration' endpoint accepts a caller-supplied URL that the migration worker dereferences without enforcing the protocol or destination. This allows for scheme abuse, such as using file: ...

CVSS 5.1, AI score 5.9, EPSS 0.00017
Exploits 0, References 5
Github Security Blog
added 2026/06/16 9:30 p.m., 7 views

Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles

Summary: Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the target role by its identifier alone, without verifying the role belonged to that organization. An authenticated user who ow...

CVSS 7.7, AI score 5.3, EPSS 0.00028
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/06/16 12:00 a.m., 12 views

PT-2026-49771

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.25. Description: An issue in internal and webchat command authentication allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. This enables attackers to send commands on affected...

CVSS 6.5, AI score 5.5, EPSS 0.00245
Exploits 0, References 5
EUVD
added 2026/06/13 12:34 a.m., 9 views

EUVD-2026-36616

OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...

CVSS 8.8, AI score 5.5, EPSS 0.00267
Exploits 0, References 3