CVE-2026-44678 Tuist: IDOR in preview deletion API allows cross-tenant deletion of any preview by UUID

Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...

EUVD-2026-30483

Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/accounthandle/projecthandle/previews/previewid endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-lev...

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

Lunary Access Control Error Vulnerability

Lunary is a production toolkit for LLM from lunary open source. An access control error vulnerability exists in lunary version 1.2.4, which stems from the backend failing to validate the project identifier against the current user's organization ID and the project it belongs to, as well as a...

CVE-2021-22193

Removed by vendor...

CVE-2020-1481

A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'...

Description of the security update for Office 2013: June 13, 2017

Description of the security update for Office 2013: June 13, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...