184 matches found
GHSA-9RH9-HF3W-9FGG shopper/framework: Race condition on Discount.usage_limit allows silent over-redemption
Impact CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was silently exceeded: orders were committed with the...
CVE-2026-44457
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44457 Hono: Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
CVE-2026-44457
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
Hono 安全漏洞
Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.18 contained security vulnerabilities. These vulnerabilities stemmed from the caching middleware not skipping the caching of responses that declared differences per user. This could result in cached...
EUVD-2026-29081
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...
CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...
CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...
Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017518)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017518 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017572)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017572 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
GHSA-P77W-8QQV-26RM Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...
Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Summary Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be served to subsequent requests from different users. Details The Cache Middleware skips caching when...
PT-2026-39327
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Cache Middleware fails to skip caching for responses that declare per-user variance using the Vary: Authorization or Vary: Cookie headers. While the middleware correctly skips caching for Vary: ,...
WordPress Maximum Products per User for WooCommerce plugin <= 4.3.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Maximum Products per User for WooCommerce versions = 4.3.6...
Malicious Package
Overview xpack-per-user is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Windows Registry Active Setup Persistence
This module will register a payload to run via the Active Setup mechanism in Windows. Active Setup is a Windows feature that runs once per user at login. It triggers in a user context, losing privileges from admin to user. Active Setup will open a popup box with "Personalized Settings" and the te...
CVE-2026-26219
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to...
Malicious code in xpack-per-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd02e72044e1a432dd520594d89d568cdd80feaef160f24160f04cc549662c08 The package xpack-per-user was found to contain malicious code. Source: ghsa-malware 1182af58fca66833bb4a361e986f5ba960d9e9ab320cd787464bda92246392fb...
MAL-2026-770 Malicious code in xpack-per-user (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd02e72044e1a432dd520594d89d568cdd80feaef160f24160f04cc549662c08 The package xpack-per-user was found to contain malicious code. Source: ghsa-malware 1182af58fca66833bb4a361e986f5ba960d9e9ab320cd787464bda92246392fb...
Cross-dashboard privilege escalation via permission management
Grafana is an open-source platform for monitoring and observability. The platform supports creating dashboards, which collate various visualisation panels onto one plane. These can have per-user permissions. If a user has permission management rights on one dashboard, they could edit the...