2514 matches found
OpenMetaData - SpEL Injection in PUT /api/v1/policies
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
Hoverfly < 1.10.3 - Arbitrary File Read
Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
EUVD-2026-41447
An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...
CVE-2026-13371
An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...
CVE-2026-13371
An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...
CVE-2026-13371
WatchGuard Firebox management UI is affected by CVE-2026-13371 due to unsafe deserialization in the put_data endpoint. An authenticated administrator can exploit crafted input to trigger a denial-of-service in the Fireware Management Web UI. The CVSS metrics indicate network access with high priv...
CVE-2026-13371 WatchGuard Firebox Management Web UI Denial of Service via Unsafe Deserialization
An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the putdata endpoint, which performs unsafe deserialization of the attacker-supplied input...
EUVD-2026-41417
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...
PT-2026-55328
Name of the Vulnerable Software and Affected Versions WatchGuard Firebox Management Web UI affected versions not specified Description An authenticated administrator can cause a denial-of-service condition in the Fireware Management Web UI. This occurs when malformed or crafted data is sent to th...
SUSE CVE-2026-53085
In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded taskvma iterator The open-coded taskvma iterator reads task-mm locklessly and acquires mmapreadtrylock but never calls mmget. If the task exits concurrently, the mmstruct can be freed as it is...
CVE-2026-57945
PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' profile information by sending requests to arbitrary user endpoints. Attackers can exploit the missing session-to-user identifier validation in the PU...
CVE-2026-57945
Summary of CVE-2026-57945 (PhotoPrism) : A broken access control flaw in PhotoPrism prior to 260601-a7d098548 allows authenticated non-admin users to modify other users’ profile information by exploiting the PUT /api/v1/users/{uid} endpoint. The root cause is missing validation that ties the sess...
Linux Distros Unpatched Vulnerability : CVE-2026-53189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugememory: update file PMD counter before folioput splithugepmdlocked updates the file/shmem RSS counter after dropping the PMD mapping's folio reference. I...
CVE-2026-50137
Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace id app... and an S3-source datasource id ds... can call this endpoint with no auth and obtain a 15-minute pre-signed PUT URL minted on the victim's IAM identity. The endpoin...
CVE-2026-49991
RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...
CVE-2026-49991
RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...
CVE-2026-49991
RustFS 1.0.0-beta.4 is affected by a path traversal vulnerability in the Snowball auto-extract feature. Authenticated users with only PutObject permission on their own bucket can write arbitrary objects into other users’ buckets, breaking multi-tenant isolation. Root causes include: (1) No ../ sa...
CVE-2026-53290 drm/xe/eustall: Fix drm_dev_put called before stream disable in close
In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...
CVE-2026-53290
CVE-2026-53290 relates to the Linux kernel DRM subsystem (xe/stall path). The issue occurs in xe_eu_stall_stream_close() where drm_dev_put() is invoked before the stream is disabled and its resources freed. If this drops the last reference, device structures may be freed while subsequent cleanup ...
GO-2026-5746 Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker
Docker: PUT /containers/id/archive executes container binary on the host in github.com/docker/docker...