10 matches found
CVE-2026-28225
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
EUVD-2026-8915
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
PT-2026-22213
Name of the Vulnerable Software and Affected Versions Manyfold versions prior to 0.133.1 Description Manyfold is a self-hosted web application for managing 3d models. A flaw exists in the get model method within the ModelFilesController lines 158-160 where models are loaded using Model.find...
GHSA-8P9X-46GM-QFX2 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
Summary A critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with...
Visa Europe Cross Site Scripting
Visa Europe Official Website Vulnerability ============================================= Published Report: 07/02/2014 Credits: Advanced Information Security Corporation, USA Severity: High/Critical OWASP TOP 10 CVSS: 7.0 Type: Web Application / Reflected Cross-Site Scripting Attack. Author:...