Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution

Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...

CVE-2026-12411

CVE-2026-12411 : Affects Canonical LXD (devLXDInstancePatchHandler). A crafted device PATCH to /dev/lxd, when security.devlxd.management.volumes is enabled, can allow a local untrusted guest to mount, read, and overwrite another guest’s custom storage volume. CVSSv3.1 base score 8.4 (HIGH); confi...

PT-2026-52902

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description A business logic error exists in the password change behavior. This flaw allows an attacker who has achieved an active session takeover to bypass password...

CVE-2026-53663

A flaw was found in React Router. Insufficient Cross-Site Request Forgery CSRF checks in the framework mode allow a remote attacker to bypass these protections on PUT, PATCH, and DELETE requests. This could lead to a low integrity impact, where an attacker might be able to perform unintended...

React Router: Potential CSRF via PUT/PATCH/DELETE document requests

Certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight, SameSite cookies already block the cross-origin attack vectors...

CVE-2026-7184

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the managesecureconnections permission to obtain remote cluster authentication tokens via a PATCH request to the...

CVE-2026-44832

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

CVE-2026-44832

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

CVE-2026-44832

Snipe-IT (asset/license management) contains a privilege-escalation vulnerability prior to version 8.4.1. An authenticated user with only users.edit permission can elevate themselves to admin by PATCHing /api/v1/users/{id} with permissions[admin]=1. The API controller erroneously strips only the ...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...

GHSA-J59F-X285-69JX free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference

Summary free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil together with a nil ProblemDetails. The handler's errPfdData != nil branch...

Incorrect Authorization

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Incorrect Authorization in the PATCH process to /api/v1/users/id when the permissions array is not properly restricted. An attacker can gain unauthorized administrative...

inngest-js 信息泄露漏洞

Inngest-js is an open-source framework developed by Inngest, designed to support various serverless platforms. It serves as a reliable event-driven and background task execution framework. Versions 3.22.0 to 3.53.1 of Inngest-js contain a vulnerability related to information leakage. This...

GHSA-2JF5-6WWV-VHXX Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...

WordPress plugin Elementor Website Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Directory Traversal

Overview psitransfer is a Simple open source self-hosted file sharing solution Affected versions of this package are vulnerable to Directory Traversal through the Store.getFilename path resolution in the upload storage component. An attacker can escape the upload jail and read or overwrite files...

CVE-2026-32758

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

CVE-2026-33192

CVE-2026-33192 — Free5GC UDM PATCH handling issue : In Free5GC UDM (pre-1.4.2), PATCH requests with an empty supi path parameter can trigger internal misbehavior: a 400 from UDR is converted to 500, and PATCH is inappropriately translated to PUT when forwarded to UDR. This reveals internal error ...