21790 matches found
PT-2026-45489
Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/projects/project id and GET .../project id/stats gate access on require workspace memberworkspace id only, then resolve project id through ProjectService.getproject id /...
PT-2026-45651
Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users. This occurs due to insufficie...
PT-2026-45374
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The scheduler-side deadline-reference decoder SerializedCustomReference.deserialize reference imports and dispatches arbitrary class paths from serialized state controlled by a DAG author...
PT-2026-45487
Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/issues/issue id gate access on require workspace memberworkspace id only, then resolve issue id through IssueService.getissue id which is a primary-key lookup with no workspace...
PT-2026-45652
Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. An Insecure Direct Object Reference IDOR—a flaw where an application provides direct access to objects based on user-supplied input—exists in Kiteworks Secu...
DEBIAN-CVE-2026-8796
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...
CVE-2026-8796
CVE-2026-8796 affects Sereal::Decoder before 5.005 (Perl). A heap out-of-bounds read can be triggered via crafted input when decoding COPY back-references that re-decode as SHORT_BINARY tags, allowing an attacker-controlled COPY offset to skip bounds and read past the input. This may enable consu...
CVE-2026-8796 Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...
EUVD-2026-33517
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...
CVE-2026-8796
Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches the SHORTBINARY...
ECHO-EE72-5202-2C87
Bulletin has no description...
PT-2026-45212
Name of the Vulnerable Software and Affected Versions Sereal::Decoder versions prior to 5.005 Description An issue exists where crafted input can lead to a heap out-of-bounds read. In the file Perl/Decoder/srl decoder.c, the functions srl read object and srl read hash process a COPY tag, which is...
MINI-WR87-XWG2-X7HJ
Bulletin has no description...
MINI-G4VF-MCH7-385W
Bulletin has no description...
MINI-Q57P-73PH-RXC3
Bulletin has no description...
MINI-VXP9-5PRV-7GQW
Bulletin has no description...
MINI-M8WQ-85Q3-M58X
Bulletin has no description...
MINI-FH3H-CJGX-8F8Q
Bulletin has no description...
MINI-8PWV-96GQ-8R76
Bulletin has no description...
MINI-G252-MQQP-RP99
Bulletin has no description...