11 matches found
CVE-2026-56334 Capgo - Missing UPDATE RLS Policy for Build Status Persistence
Capgo before 12.128.2 lacks an UPDATE row-level security policy for the buildrequests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving buildreques...
PT-2026-54038
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Capgo lacks an UPDATE row-level security policy for the build requests table. This missing policy prevents API-key and anonymous access from persisting builder status updates. An attacker can exploi...
CVE-2026-28578
In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-26227
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.22 OpenClaw versions 2026.2.21-2 and earlier Description The software contains an authorization bypass issue in the allow-always wrapper persistence feature. This allows attackers to bypass approval checks by...
EUVD-2025-31360
Malicious code in bioql PyPI...
CVE-2025-48556
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...
SUSE-SU-2016:0839-1 Security update for tomcat6
This update for tomcat6 fixes the following issues: The version was updated from 6.0.41 to 6.0.45. Security issues fixed: CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and li...
SUSE-SU-2016:0822-1 Security update for tomcat
This update for tomcat fixes the following security issues. Tomcat has been updated from 7.0.55 to 7.0.68. CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended SecurityManager restrictions and list a parent...
Putty < 0.54 SSH2 Authentication Password Persistence Weakness
Binary data 1999.prm...