14 matches found
OpenHarness 安全漏洞
OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open source in nature. There is a security vulnerability in OpenHarness; this vulnerability stems from incomplete path normalization in the permission checker, which may lead to access to sensitive files...
CVE-2026-22682 OpenHarness Improper Access Control via File Tools
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...
CVE-2026-22682 OpenHarness Improper Access Control via File Tools
OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...
CVE-2026-33663
Summary: CVE-2026-33663 affects n8n Community Edition. Before versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in the credential pipeline to steal plaintext secrets from generic HTTP credentials (httpBasicAuth, http...
EUVD-2021-2253
Malware in sbrugna...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
SilverStripe GraphQL Server permission checker not inherited by query subclass.
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
CVE-2021-28661
Default SilverStripe GraphQL Server aka silverstripe/graphql 3.x through 3.4.1 permission checker not inherited by query subclass...
CVE-2021-28661
The CVE-2021-28661 entry concerns the SilverStripe GraphQL Server (silverstripe/graphql) versions 3.x through 3.4.1, where the permission checker is not inherited by a query subclass. This is identified as a permission-related issue in the GraphQL server component, with the underlying root cause ...
PT-2021-17888 · Silverstripe · Silverstripe Graphql Server
Name of the Vulnerable Software and Affected Versions: SilverStripe GraphQL Server versions 3.x through 3.4.1 Description: The issue concerns a permission checker not being inherited by a query subclass in the SilverStripe GraphQL Server. Recommendations: For versions 3.x through 3.4.1, update to...
CVE-2021-28661 Default GraphQL permission checker not inherited by query subclass
More info at https://www.silverstripe.org/download/security-releases/CVE-2021-28661...