Lucene search
370 matches found

OSV, added 2026/03/16 8:47 p.m.

GHSA-J94X-8WCP-X7HM Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration

Summary: Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...

CVSS 5.1, AI score 6, EPSS 0.00013. Exploits: 0. References: 4.

Github Security Blog, added 2026/03/16 8:47 p.m.

Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration

Summary: Kargo's built-in http and http-download promotion steps execute outbound HTTP requests from the Kargo controller. By design, these steps do not restrict destination addresses, as there are legitimate use cases for requests to internal and private endpoints. However, this also permits...

CVSS 5.1, AI score 6, EPSS 0.00013. Exploits: 0. References: 4. Affected Software: 1.

Snyk, added 2026/03/16 8:47 p.m.

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via httprequester.go and httpdownloader.go. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...

CVSS 5.1, AI score 5.8, EPSS 0.00013. Exploits: 0. References: 2.

Positive Technologies, added 2026/03/16 12:00 a.m.

PT-2026-26462

Name of the Vulnerable Software and Affected Versions: Kargo versions 1.4.0 through 1.6.3; Kargo versions 1.7.0-rc.1 through 1.7.8; Kargo versions 1.8.0-rc.1 through 1.8.11; Kargo versions 1.9.0-rc.1 through 1.9.4.

Description: Kargo's built-in http and http-download promotion steps allow Server-Side...

CVSS 5.1, AI score 5.9, EPSS 0.00013. Exploits: 0. References: 7.

EUVD, added 2026/03/11 12:13 a.m.

EUVD-2026-10921

Sylius has a Promotion Usage Limit Bypass via Race Condition...

CVSS 8.2, AI score 5.8, EPSS 0.00067. Exploits: 0. References: 1.

EUVD, added 2026/03/11 12:13 a.m.

EUVD-2026-10920

Sylius has a Promotion Usage Limit Bypass via Race Condition...

CVSS 8.2, AI score 5.8, EPSS 0.00067. Exploits: 0. References: 1.

Github Security Blog, added 2026/03/11 12:13 a.m.

Sylius has a Promotion Usage Limit Bypass via Race Condition

Impact: A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects three independent limits:
1. Promotion usage limit - the global used counter on Promotion entities
2. Coupon usage limit - the global used...

CVSS 8.2, AI score 6, EPSS 0.00067. Exploits: 0. References: 3. Affected Software: 1.

OSV, added 2026/03/11 12:13 a.m.

GHSA-7MP4-25J8-HP5Q Sylius has a Promotion Usage Limit Bypass via Race Condition

Impact: A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects three independent limits:
1. Promotion usage limit - the global used counter on Promotion entities
2. Coupon usage limit - the global used...

CVSS 8.2, AI score 6, EPSS 0.00067. Exploits: 0. References: 3.

Snyk, added 2026/03/11 12:13 a.m.

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: sylius/sylius is a platform for PHP, based on the Symfony framework. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition through a race condition in the promotion and coupon usage limit enforcement process. An attacker can redeem limited-use...

CVSS 8.8, AI score 5.8, EPSS 0.00067. Exploits: 0. References: 3.

NVD, added 2026/03/10 10:16 p.m.

CVE-2026-31824

Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects the promotion usage limit (the global used counter on Promotion entities), coupon usage limi...

CVSS 8.2, EPSS 0.00067. Exploits: 0. References: 1.

Cvelist, added 2026/03/10 9:32 p.m.

CVE-2026-31824 Sylius has a Promotion Usage Limit Bypass via Race Condition

Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects the promotion usage limit (the global used counter on Promotion entities), coupon usage limi...

CVSS 8.2, EPSS 0.00067. Exploits: 0. References: 1.

Vulnrichment, added 2026/03/10 9:32 p.m.

CVE-2026-31824 Sylius has a Promotion Usage Limit Bypass via Race Condition

Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects the promotion usage limit (the global used counter on Promotion entities), coupon usage limi...

CVSS 8.2, AI score 5.8, EPSS 0.00067. Exploits: 0. References: 1.

OSV, added 2026/03/10 9:32 p.m.

CVE-2026-31824 Sylius has a Promotion Usage Limit Bypass via Race Condition

Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects the promotion usage limit (the global used counter on Promotion entities), coupon usage limi...

CVSS 8.2, AI score 5.9, EPSS 0.00067. Exploits: 0. References: 3.

CVE, added 2026/03/10 9:32 p.m.

CVE-2026-31824

Sylius (Open Source eCommerce Framework on Symfony) disclosure describes a TOCTOU race in promotion usage limits. The vulnerability affects the global used counters on Promotion entities, PromotionCoupon entities, and per-customer coupon redemption counts. The root cause is reading in-memory coun...

CVSS 8.2, AI score 5.8, EPSS 0.00067. Exploits: 0. References: 1. Affected Software: 1.

ATTACKERKB, added 2026/03/10 9:32 p.m.

CVE-2026-31824

Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Check To Time-of-Use (TOCTOU) race condition was discovered in the promotion usage limit enforcement. The same class of vulnerability affects the promotion usage limit (the global used counter on Promotion entities), coupon usage limi...

CVSS 8.2, AI score 5.8, EPSS 0.00067. Exploits: 0. References: 2. Affected Software: 1.

Positive Technologies, added 2026/03/10 12:00 a.m.

PT-2026-24478

Name of the Vulnerable Software and Affected Versions: Sylius versions 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 and above.

Description: Sylius, an Open Source eCommerce Framework on Symfony, contains a Time-of-Check To Time-of-Use (TOCTOU) race condition in the...

CVSS 8.2, AI score 5.8, EPSS 0.00067. Exploits: 0. References: 7.

EUVD, added 2026/03/09 8:11 p.m.

EUVD-2026-10354

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

CVSS 8.7, AI score 5.8, EPSS 0.0005. Exploits: 1. References: 1.

ATTACKERKB, added 2026/03/03 9:53 p.m.

CVE-2026-27012

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling...

CVSS 9.8, AI score 6, EPSS 0.00046. Exploits: 1. References: 2. Affected Software: 1.

Github Security Blog, added 2026/03/03 5:43 p.m.

OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php

Summary: A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demot...

CVSS 9.8, AI score 6, EPSS 0.00046. Exploits: 1. References: 2. Affected Software: 1.

RedhatCVE, added 2026/02/28 2:00 p.m.

CVE-2025-11252

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not...

CVSS 9.8, AI score 5.9, EPSS 0.00016. Exploits: 0. References: 1.