286 matches found
mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...
ALPINE-CVE-2026-44169
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...
CVE-2026-21021
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
CVE-2026-21022
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data
Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the crash that occurred during decoder allocation. When the decoders of an intermediate port are exhausted by existing regions, and a new region is created with that port in its hierarchical path, the...
wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API
Summary Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has...
GHSA-CJ9G-27PH-4CGV wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API
Summary Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has...
EUVD-2026-29908
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
EUVD-2026-29907
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
GHSA-V25J-WQCW-FVHJ wger has an Uncontrolled Resource Consumption issue
Summary Any authenticated user can create a routine spanning an arbitrarily long date range e.g. 100 years and then trigger the datesequence computation via any of the routine detail endpoints. The server iterates once per day in an unbounded while loop with no maximum duration validation, causin...
CVE-2026-21022
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21021
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
CVE-2026-21022
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21022
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21022
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21022
Technical details about CVE-2026-21022 are not publicly available in the provided documents. Monitor for updates from Samsung security advisories and CVE listings.
CVE-2026-21021
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
CVE-2026-21021
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
CVE-2026-21021
Technical details are not publicly available in the provided documents. Monitor for updates.