2490 matches found
CVE-2026-45243 Summarize < 0.15.1 Browser Extension Missing Authorization via Content Script
Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime messages with spoofed sender identifiers to list, read,...
NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows vulnerability discovered by ? in WordPress Npm budibase versions 3.38.1...
Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows
Summary The row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row actions on any row in the underlying table, including ro...
JLSEC-2026-508
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthesescope in prelexer.hpp...
lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-7304 via sglang (>=0.4.5 <=0.4.6.post5)
sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-7304 Source advisory: OSV:GHSA-36M8-W8QF-G76P...
BIT-GITLAB-2026-3160 Unintended Proxy or Intermediary ('Confused Deputy') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a...
CVE-2026-44542
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an...
EUVD-2026-30344
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences e.g., ../ to escape the intended shared directory. As a result, an...
CVE-2026-3160
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a...
CVE-2026-1322
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
CVE-2026-3160
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a...
CVE-2026-1322
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
UBUNTU-CVE-2026-1322
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
CVE-2026-1322
GitLab CVE-2026-1322 affects GitLab CE/EE; authenticated users with a read_api scoped OAuth app could create issues and add comments in private projects due to improper authorization. Affected versions: 16.0–<18.9.7, 18.10–<18.10.6, 18.11–
CVE-2026-1322
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
EUVD-2026-30220
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
CVE-2026-1322 Business Logic Errors in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...
CVE-2026-1322
Removed by vendor...
CVE-2026-3160
GitLab CVE-2026-3160 affects GitLab CE/EE versions 13.7–18.9.7, 18.10–18.10.5, and 18.11–18.11.2. An authenticated user could view Jira issues outside the configured project scope due to an integration filter that functioned only as display control rather than enforcing access boundaries. The iss...
CVE-2026-3160
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a...