106 matches found
Bugsink: Project scoping missing in sourcemap and debug-file lookup
Summary Bugsink before 2.2.0 resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use sourcemap/debug-file metadata uploaded for...
GHSA-7P8G-6C6G-H9W7 praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...
BIT-AIRFLOW-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter
The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...
CVE-2026-46764
The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...
CVE-2026-46764
The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...
CVE-2026-46764
The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...
CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter
The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...
CVE-2026-46764
The CVE-2026-46764 affects Apache Airflow’s Event Log APIs: the detail endpoint GET /api/v2/eventLogs/{event_log_id} returns audit-log rows by numeric ID after only a generic Audit Log permission check, while GET /api/v2/eventLogs applies per-Dag scoping. An authenticated user with audit-log read...
CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter
The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...
EUVD-2026-33584
The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...
PT-2026-45489
Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/projects/project id and GET .../project id/stats gate access on require workspace memberworkspace id only, then resolve project id through ProjectService.getproject id /...
CVE-2026-41159
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...
CVE-2026-43917
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...
CVE-2026-43917 Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId validation
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...
PT-2026-44929
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...
The Importance of Out-Of-Band Metadata for Safe Autonomous Agents: The Redpanda Agentic Data Plane
AI agents are increasingly expected to operate as digital employees: accessing enterprise data, making decisions, and taking actions autonomously. But agents are simultaneously less predictable than humans -- prone to hallucination, misinterpretation, and adversarial manipulation -- and more...
CVE-2026-47728
Bugsink (self-hosted error tracking) prior to 2.2.0 stores and looks up sourcemaps and debug files by debug ID without scoping to the owning project. An authenticated user with access to one project could cause event processing in that project to use sourcemap/debug-file metadata uploaded for ano...
CVE-2026-47728 Bugsink: Project scoping missing in sourcemap and debug-file lookup
Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use...
AI_AutoExploitGeneration
🎯 AI-POWERED AUTOMATED EXPLOIT GENERATION AEG SYSTEM Vers...
Incorrect Authorization
Overview apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements apache-airflow-providers-amazon package Affected versions of this package are vulnerable to Incorrect Authorization in the team-scoping logic. An attacker can access secrets belonging to other teams by crafting ...