CVE-2026-11369 IDOR in Comment API Allows Cross-Process Comment Read and Write

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

CVE-2026-9088 Keycloak: keycloak: information disclosure due to user profile permission bypass

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

CVE-2026-45543 Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

CVE-2026-40547

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

EUVD-2026-33595

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

CVE-2026-49323 Indian Scout Bobber 2025 WCM-to-ECM weak authentication

Weak authentication between the Wireless Control Module WCM and the Engine Control Module ECM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the per-vehicle ECM immobilizer secret by passively...

SUSE-SU-2026:2110-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthorized read access bsc1262490. - CVE-2026-22013: unauthenticated attacker with network access can access to critical data bsc1262494. - CVE-2026-22016: APIs in the...

StrongDM 安全漏洞

StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...

CVE-2026-46830

Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...

CVE-2026-46841

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

EUVD-2026-33052

Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...

EUVD-2026-32711

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

PT-2026-44525

Vulnerability in Oracle REST Data Services component: Mongoapi. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability...

CVE-2026-45083 Goobi viewer: Unauthenticated Solr Streaming Expression Proxy

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...

EUVD-2026-32517

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...