629 matches found
EUVD-2026-17115
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
CVE-2026-33028
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms Mutex and non-atomic file writes, concurrent requests lead to the severe corruption of the prima...
CVE-2026-5170
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
CVE-2026-5170
A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...
PT-2026-29047
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.2.2 MongoDB Server versions 8.0.18 through 8.0.18 MongoDB Server versions 7.0.31 through 7.0.31 Description A user with limited privileges within a cluster can cause a mongod process to crash when the cluster...
CVE-2026-27953
ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...
CVE-2026-27953
ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...
CVE-2026-27953
Summary: CVE-2026-27953 affects ormar (Python)
EUVD-2026-13198
ormar Pydantic Validation Bypass via pkonly and excluded Kwargs Injection in Model Constructor...
Malicious code in @bingads-webui-cc-react/edit-primary-contact (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8db2de62135603996e4dfafbfd49878df32f1d35291bd473c636cef7b7303f6 The package @bingads-webui-cc-react/edit-primary-contact was found to contain malicious code...
MAL-2026-1587 Malicious code in @bingads-webui-cc-react/edit-primary-contact (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d8db2de62135603996e4dfafbfd49878df32f1d35291bd473c636cef7b7303f6 The package @bingads-webui-cc-react/edit-primary-contact was found to contain malicious code...
NewStart CGSL MAIN 6.06 (SP) : docker-ce Vulnerability (NS-SA-2026-0028)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set ...
Authentication Bypass by Primary Weakness
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the SAML Identity Provider authentication process when it is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005743)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005743 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit...
EUVD-2026-9413
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...
CVE-2026-23601
CVE-2026-23601 describes a vulnerability in the wireless encryption handling of Wi‑Fi transmissions. A malicious actor can generate shared-key authenticated transmissions that impersonate a primary BSSID, delivering targeted, tampered data to specific endpoints and bypassing standard cryptographi...
PT-2026-22941
Name of the Vulnerable Software and Affected Versions Wi-Fi affected versions not specified Description A security issue exists in how Wi-Fi handles wireless encryption during transmissions. An attacker can create specially crafted, authenticated transmissions that appear to come from a trusted...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005402)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005402 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit...
CVE-2026-27839
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...
wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
Summary Three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition plan data, including caloric intake and full macro breakdown, by supplying an arbitra...