11 matches found

CNNVD
added 2026/05/27 12:00 a.m. · 7 views

UFO³ security vulnerability

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains security vulnerabilities. These vulnerabilities stem from the WebSocket control plane’s reliance on identity and role fields provided by clients,...

CVSS 8.8 · AI score 5.8 · EPSS 0.00502
Exploits: 0 · References: 1
Positive Technologies
added 2026/05/19 12:00 a.m. · 8 views

PT-2026-41869

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified) Description: A flaw in the Admin API allows a low-privilege administrator with the 'view-clients' role to cause cross-role personally identifiable information (PII) leakage. By invoking the 'evaluate-scope...

CVSS 4.9 · AI score 5.9 · EPSS 0.00398
Exploits: 0 · References: 6
RedhatCVE
added 2026/05/12 8:21 p.m. · 10 views

CVE-2026-42069

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS 7.1 · AI score 5.7 · EPSS 0.00231
Exploits: 0 · References: 1
NVD
added 2026/05/09 4:16 a.m. · 14 views

CVE-2026-42069

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS 7.1 · EPSS 0.00231
Exploits: 0 · References: 3
ATTACKERKB
added 2026/05/09 3:35 a.m. · 4 views

CVE-2026-42069

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS 7.1 · AI score 5.7 · EPSS 0.00231
Exploits: 0 · References: 4 · Affected Software: 1
EUVD
added 2026/05/09 3:35 a.m. · 6 views

EUVD-2026-28888

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS 7.1 · AI score 5.7 · EPSS 0.00231
Exploits: 0 · References: 3
CNNVD
added 2026/05/09 12:00 a.m. · 8 views

Kirby security vulnerability

Kirby is an open-source, file-based content management system. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities, which stem from the lack of permission control over access to site, user, and role information...

CVSS 7.1 · AI score 5.8 · EPSS 0.00231
Exploits: 0 · References: 2
GitHub Security Blog
added 2026/05/04 7:50 p.m. · 5 views

Kirby CMS's read access to site, user and role information is not gated by permissions

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high severity for affected sites. Sites using Kirby are not affected if they intend all users of the site to be able to list and access the site...

CVSS 7.1 · AI score 5.7 · EPSS 0.00231
Exploits: 0 · References: 5 · Affected Software: 1
CVE
added 2025/10/06 12:00 a.m. · 8 views

CVE-2025-61197

CVE-2025-61197 affects Orban Optimod family (5950, 5950HD, 5750, 5750HD, Trio) with version 1.0.0.33 up to 2.5.26. The root cause is that the application stores user privilege/role information in the client-side browser storage, enabling a remote attacker to escalate privileges. CVSS data in the ...

CVSS 8.9 · AI score 6.7 · EPSS 0.00317
Exploits: 0 · References: 2
Positive Technologies
added 2024/02/06 12:00 a.m. · 5 views

PT-2024-20237 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions prior to 4.3.0-RC1 Description: A SQL injection issue exists, allowing an attacker to perform SQL injection by passing crafted offset, limit, and sort parameters via the "/system/roleDataPerm/list" API endpoint...

CVSS 9.8 · AI score 9.6 · EPSS 0.00586
Exploits: 0 · References: 6
Positive Technologies
added 2016/04/14 12:00 a.m. · 4 views

PT-2016-3892 · Huawei · Fusioncompute

Name of the Vulnerable Software and Affected Versions: Huawei FusionCompute versions prior to V100R005C10SPC700 Description: The issue allows remote authenticated users to obtain sensitive role and permission information via unspecified vectors. Recommendations: For versions prior to...

CVSS 4.3 · AI score 6.4 · EPSS 0.00597
Exploits: 0 · References: 3