GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
sentinel
Sentinel — Agentic Code & System Quality Guardian Production-...
pnpm: Project env lockfile can short-circuit package-manager resolution and execute lockfile-selected pnpm bytes
Maintainer Action Plan This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path. - Advisory: CAND-PNPM-063 / GHSA-w466-c33r-3gjp - Advisory URL:...
Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)
Summary In gonic, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user (admin or not), an attacker can: 1. Delete any playlist owned by any other user (including admin) by passing its id. 2. Read the full...
gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists
Summary The maintainer's recent fix in 6dd71e6a3c966867ef8c900d359a7df75789f410 ("fix(subsonic): enforce playlist ownership on getPlaylist/deletePlaylist") added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controlled...
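The weakness described above (deriving the owner from the first segment of an attacker-controlled id before the path is normalised, so `alice/../bob/x.m3u` passes as alice's) is illustrated below with the flawed derivation next to a hardened one. This is an added example, not gonic's code; the root directory, the `<root>/<user>/<name>.m3u` layout and the function names are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Assumed on-disk layout for this example: <playlistRoot>/<owner>/<name>.m3u
const playlistRoot = "/var/lib/gonic/playlists"

var ErrForbidden = errors.New("playlist does not belong to caller")

// ownerFromRawID mirrors the flawed derivation: the owner is taken from the
// first segment of the raw id, before any ".." normalisation.
func ownerFromRawID(id string) string {
	return strings.SplitN(id, "/", 2)[0]
}

// authorizeVulnerable passes whenever the raw first segment equals the caller,
// regardless of where the id actually resolves on disk.
func authorizeVulnerable(caller, id string) bool {
	return ownerFromRawID(id) == caller
}

// resolvePlaylist normalises the id, refuses anything that escapes the root,
// and derives the owner from the resolved path rather than the raw input.
func resolvePlaylist(id string) (owner, full string, err error) {
	if filepath.IsAbs(id) {
		return "", "", errors.New("absolute playlist id rejected")
	}
	full = filepath.Join(playlistRoot, id) // Join cleans "." and ".." segments
	rel, err := filepath.Rel(playlistRoot, full)
	if err != nil || rel == "." || strings.HasPrefix(rel, "..") {
		return "", "", fmt.Errorf("playlist id %q escapes the playlist root", id)
	}
	parts := strings.SplitN(filepath.ToSlash(rel), "/", 2)
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", "", fmt.Errorf("playlist id %q has no <owner>/<name> form", id)
	}
	return parts[0], full, nil
}

// authorizeHardened returns the resolved path only if the caller owns it.
func authorizeHardened(caller, id string) (string, error) {
	owner, full, err := resolvePlaylist(id)
	if err != nil {
		return "", err
	}
	if owner != caller {
		return "", ErrForbidden
	}
	return full, nil
}

func main() {
	// Constructed attacker input: first segment is the caller, resolution is not.
	id := "alice/../bob/private.m3u"
	fmt.Println("vulnerable check passes:", authorizeVulnerable("alice", id))
	if _, err := authorizeHardened("alice", id); err != nil {
		fmt.Println("hardened check:", err)
	}
	full, _ := authorizeHardened("alice", "alice/mix.m3u")
	fmt.Println("hardened check resolves own playlist to:", full)
}
```

The order matters: normalise first, then derive the owner from what the path really points at, then compare. A check that runs before normalisation is comparing against a string the attacker chose, not against the file that will be read or deleted.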
gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host
Summary A logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user (including non-admin) to write playlist M3U content to an attacker-controlled absolute filesystem path on the gonic host, and to create intermediate directories with 0o777 permissions. The bug is independent...
pnpm: Repository-controlled configDependencies can select a pacquet native install engine
Maintainer Action Plan This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path. - Advisory: CAND-PNPM-097 / GHSA-gj8w-mvpf-x27x - Advisory URL:...
pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle
Summary Keep build approval for opaque dependency sources byte-exact for GHSA-5wx6-mg75-v57r / CAND-PNPM-123. Merged upstream commit bf1b731ee6 fixed the original name-only approval bypass by making build policy consume the resolved dependency identity. One collision remained: the generic...
pnpm: Repository config can expand victim environment secrets into registry requests before scripts run
Maintainer Action Plan This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path. - Advisory: CAND-PNPM-122 / GHSA-3qhv-2rgh-x77r - Advisory URL:...
ImageMagick has a Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
A crafted multi-frame image can result in a heap buffer over-write when encoding it with the SF3 encoder...
ImageMagick: Memory Leak in wand option parser when providing invalid arguments
When providing invalid options to the wand option parser a small memory leak will occur...
GHSA-7MQQ-4V55-88GH Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors
Impact The Live Preview endpoint for existing entries and terms only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareab...
CVE-2026-54244
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
EUVD-2026-36602
GHSA-9RC6-8CJV-RCVX Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection
Description The getRedirectURL function (oauth2.go:22-29) constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with no validation of the Host header: `func getRedirectURL(c *gin.Context) string { scheme := "http://"; referer := c.Request.Referer(); if ...`
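The pattern described above, an unvalidated Host header concatenated onto a fixed callback path, is shown below next to a version that only ever emits an operator-configured origin. This is an added example written against the standard library's `net/http`, not Nezha's gin handler; the callback path, config struct and function names are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Placeholder route for the example; the advisory text does not name the real one.
const callbackPath = "/oauth2/callback"

// vulnerableRedirectURL reproduces the flawed pattern: whatever the client sent
// in the Host header becomes the authority of the OAuth2 callback URL.
func vulnerableRedirectURL(r *http.Request) string {
	scheme := "http://"
	if r.TLS != nil {
		scheme = "https://"
	}
	return scheme + r.Host + callbackPath
}

// oauthConfig is a constructed stand-in for operator configuration: the scheme
// and the canonical host[:port] values the dashboard is actually served on.
type oauthConfig struct {
	Scheme       string
	AllowedHosts []string
}

var errUntrustedHost = errors.New("Host header is not an allowed origin")

// hardenedRedirectURL uses the Host header only to select an allowlist entry;
// the emitted URL is built from that entry, never from the header itself.
func hardenedRedirectURL(cfg oauthConfig, r *http.Request) (string, error) {
	got := strings.ToLower(r.Host)
	for _, h := range cfg.AllowedHosts {
		if got == strings.ToLower(h) {
			return cfg.Scheme + "://" + h + callbackPath, nil
		}
	}
	return "", fmt.Errorf("%w: %q", errUntrustedHost, r.Host)
}

// newRequestWithHost builds a server-side request whose Host header is
// attacker-controlled (r.Host is the Host header for incoming requests).
func newRequestWithHost(host string) *http.Request {
	r := httptest.NewRequest(http.MethodGet, "/oauth2/login", nil)
	r.Host = host
	return r
}

func main() {
	cfg := oauthConfig{Scheme: "https", AllowedHosts: []string{"dashboard.example.com"}}

	evil := newRequestWithHost("attacker.example")
	fmt.Println("vulnerable:", vulnerableRedirectURL(evil))
	if _, err := hardenedRedirectURL(cfg, evil); err != nil {
		fmt.Println("hardened  :", err)
	}

	good := newRequestWithHost("dashboard.example.com")
	u, _ := hardenedRedirectURL(cfg, good)
	fmt.Println("hardened  :", u)
}
```

Matching on a lowercased exact host[:port] (not a prefix or substring) closes the usual `dashboard.example.com.attacker.example` tricks, and returning the allowlist entry rather than `r.Host` means a forged header can never reach the URL that is handed to the identity provider as the callback.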
EUVD-2026-36601
Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS
Description The Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: - POST /api/v1/terminal → createTerminal (terminal.go:27-67) - POST /api/v1/file → createFM (fm.go:28-67) Both call rpc.NezhaHandlerSingleton.CreateStream(streamId, ...) which inserts a...
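The general mitigation for the unbounded-stream problem above is a stream table that refuses new entries past a global and a per-user cap and frees the slot when the stream closes. The registry below is an added illustration of that control and is not Nezha's CreateStream implementation; its type, limits and method names are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var (
	ErrStreamLimit = errors.New("stream limit reached")
	ErrDuplicateID = errors.New("stream id already registered")
)

// streamRegistry is a constructed stand-in for a table of live agent streams.
// It enforces a total cap (protects the process) and a per-user cap (stops one
// authenticated account from consuming the whole budget).
type streamRegistry struct {
	mu       sync.Mutex
	maxTotal int
	maxUser  int
	owner    map[string]string // streamID -> user that opened it
	perUser  map[string]int    // user -> number of live streams
}

func newStreamRegistry(maxTotal, maxUser int) *streamRegistry {
	return &streamRegistry{
		maxTotal: maxTotal,
		maxUser:  maxUser,
		owner:    make(map[string]string),
		perUser:  make(map[string]int),
	}
}

// Create reserves a slot for streamID on behalf of user, or explains why not.
// Duplicate ids are rejected so a retry cannot leak an entry.
func (s *streamRegistry) Create(streamID, user string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, dup := s.owner[streamID]; dup {
		return fmt.Errorf("%w: %q", ErrDuplicateID, streamID)
	}
	if len(s.owner) >= s.maxTotal {
		return fmt.Errorf("%w: global cap %d", ErrStreamLimit, s.maxTotal)
	}
	if s.perUser[user] >= s.maxUser {
		return fmt.Errorf("%w: per-user cap %d for %q", ErrStreamLimit, s.maxUser, user)
	}
	s.owner[streamID] = user
	s.perUser[user]++
	return nil
}

// Close releases the slot; it must be called from the connection's teardown
// path (including abnormal disconnects) or the caps become a permanent DoS.
func (s *streamRegistry) Close(streamID string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	user, ok := s.owner[streamID]
	if !ok {
		return false
	}
	delete(s.owner, streamID)
	s.perUser[user]--
	if s.perUser[user] == 0 {
		delete(s.perUser, user)
	}
	return true
}

// Len reports the number of live streams.
func (s *streamRegistry) Len() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return len(s.owner)
}

func main() {
	reg := newStreamRegistry(3, 2)
	for _, id := range []string{"a1", "a2", "a3"} { // constructed flood from one user
		if err := reg.Create(id, "alice"); err != nil {
			fmt.Println("rejected:", err)
		}
	}
	fmt.Println("live streams:", reg.Len())
}
```

Caps alone are not sufficient: pair the registry with an idle timeout or a context tied to the WebSocket so streams whose client silently vanished are closed and their slots returned, otherwise a patient attacker still fills the table.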
CVE-2026-54243
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...