460 matches found
CVE-2026-56247
Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...
CVE-2026-13484
A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high...
CVE-2026-55667
File Browser CVE-2026-55667 allows a scoped, non-admin user with only Create permission to delete files outside their scope during failed-upload cleanup. The issue stems from ScopedFs.RemoveAll bypassing the symlink guard that other methods enforce, with the direct-upload cleanup path invoking Re...
CVE-2026-40012
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
EUVD-2026-39356
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
CVE-2026-40012
The vulnerability CVE-2026-40012 affects configurations with ECS enabled, where ECS zero-scoped answers are stored in the packet cache instead of being properly restricted, potentially leaking to clients. The issue has a network-based attack surface with low confidentiality impact (CVSS v3.1: 5.3...
CVE-2026-40012
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...
DEBIAN-CVE-2026-52844
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...
CVE-2026-56694
NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...
CVE-2026-56694
NanoClaw
CVE-2026-56225 Capgo - Authorization Bypass in API Key Management via App-Limited Keys
Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...
CVE-2026-56225
Capgo before 12.128.2 has an authorization bypass in public API key management handlers (get/put/delete/post). Keys created with mode=all but limited_to_apps are not checked against limited_to_apps, only limited_to_orgs, allowing an app-scoped key to enumerate, update, and delete sibling API keys...
CVE-2026-56079
Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses a guard mutex to protect the device structure. However, the device is freed before the mutex cleanup runs, causing mutexunlock to opera...
GO-2026-5055 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser...
EUVD-2025-210155
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...
CVE-2025-68713
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...
CVE-2025-68713
Rakuten Send Anywhere for Android (com.estmob.android.sendanywhere, version 23.2.9) is affected. A vulnerability allows untrusted applications with no permissions to trigger arbitrary file downloads into the app’s scoped storage, with downloaded items appearing in the app’s trusted Received inter...
CVE-2025-68713
An issue was discovered in Rakuten Send Anywhere File Transfer for Android com.estmob.android.sendanywhere 23.2.9. The vulnerability allows untrusted applications with no permissions to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's...