5 matches found
CVE-2026-24895
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...
PT-2023-26185 · Dapr · Dapr
Name of the Vulnerable Software and Affected Versions: Dapr versions prior to 1.10.9; Dapr versions prior to 1.11.2. Description: A vulnerability has been found in Dapr that allows bypassing API token authentication with a well-crafted HTTP request. This issue impacts Dapr users who have configured...
PT-2022-16845 · Sylius · Sylius
Name of the Vulnerable Software and Affected Versions: Sylius versions prior to 1.9.10, 1.10.11, and 1.11.2. Description: The issue allows any other user to view the data if the browser tab remains open after logging out. This can lead to a data leak, such as customer details or payment gateway...
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
...
DEBIAN-CVE-2011-4029
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file...