144 matches found
Sequence of Processor Instructions Leads to Unexpected Behavior
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...
GHSA-9VMH-WHC4-7PHG OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users
This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the...
CVE-2026-45351
Open WebUI vulnerability CVE-2026-45351: A non-admin user could trigger a request to /api/models? and receive the system prompt of available models, revealing admin-set backend prompts and compromising confidentiality. This affects Open WebUI self-hosted offline AI platform versions prior to 0.8....
GHSA-7FW3-X4R2-G7WC Portainer has a bind-mount restriction bypass via HostConfig.Mounts
Summary Portainer offers an environment-level Disable bind mounts for non-administrators security setting that blocks regular users from binding host paths into containers they create through the Portainer-mediated Docker API. The check that enforces this setting only inspected the legacy...
Incorrect Authorization
Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...
Incorrect Authorization
Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the admin-api routes due to insufficient authorization checks. An attacker can access backend operational information by...
CVE-2026-27689 Denial of service (DOS) in SAP Supply Chain Management
Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...
[SECURITY] Fedora 42 Update: podman-5.7.0-1.fc42
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
Mattermost Server < 11.0.0 Multiple Vulnerabilities (MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540)
The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2024-00337, MMSA-2025-00493, MMSA-2025-00540 advisory. - Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users ...
EUVD-2025-186557
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
EUVD-2019-7731
Malware in sbrugna...
EUVD-2019-7707
Malware in sbrugna...
EUVD-2019-7732
Malware in sbrugna...
EUVD-2019-7709
Malware in sbrugna...
EUVD-2019-7729
Malware in sbrugna...
EUVD-2019-7724
Malware in sbrugna...
EUVD-2019-9419
Malware in sbrugna...
EUVD-2019-7721
Malware in sbrugna...
SUSE CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
EUVD-2025-29155
Malicious code in bioql PyPI...