815 matches found
CVE-2026-29134 GINA Domain Switch
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
CVE-2026-32695 Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...
EUVD-2026-16351
The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...
CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...
KLA90958 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of...
CVE-2025-10731
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for...
CVE-2026-23536
A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker can bypass intended access restrictions to...
DEBIAN-CVE-2026-3939
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. Chromium security severity: Low...
EUVD-2026-10846
In oobconfig, there is a possible bypass of carrier restrictions due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-25737 Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...
CVE-2026-28286
ZimaOS 1.5.2-beta3 is affected: the UI blocks file/folder creation in internal paths, but the API bypasses this validation, allowing arbitrary file/directory creation in sensitive dirs (e.g., /etc, /usr) via crafted requests. Root cause is improper API path validation, enabling path traversal-lik...
CVE-2026-27829
Astro versions 9.0.0–9.5.3 contain a bug in the image pipeline where inferSize fetches remote images at render time without validating domains, allowing SSRF by fetching from arbitrary hosts despite image.domains/image.remotePatterns restrictions. An attacker who can influence the image URL (e.g....
CVE-2026-27829 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize
Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...
PT-2026-20322
Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, an open-source self-hosted Git service, contains an access control bypass issue. Repository collaborators with Write permissions can delete protected branches, including the default branch, by...
qs 安全漏洞
QS is a JavaScript library developed by Jordan Harband. QS has a security vulnerability, which stems from the arrayLimit option not enforcing restrictions on comma-separated values when the comma option is enabled. This could lead to a memory-exploiting denial-of-service attack...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass security restrictions...
PT-2026-5360
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.26.4 Description Budibase is a low code platform used for building internal tools, workflows, and admin panels. A Creator-level user, normally lacking UI permissions to invite users, can manipulate API requests to...
CVE-2026-24779
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class, specifically within the loadfromurl and loadfromurlasync methods. An attacker can exploit differing interpretations of...
BIT-NODE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...