1895 matches found
CVE-2026-8247
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1 up to and...
next.js: Next.js: Unauthorized access to protected content via middleware bypass
A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...
CVE-2026-13207
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...
CVE-2026-13207 Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...
CVE-2026-13207
The CVE refers to FUXA prior to 1.3.2 with an authentication bypass in the REST API caused by improper normalization of dot-segments in the router. Prefixing paths with dot-segments (e.g., /api/./users, /api/./roles, /api/project/../users) can bypass authentication and expose protected data such ...
CVE-2026-9263
The Zephyr Bluetooth controller ISO Adaptation Layer subsys/bluetooth/controller/llsw/isoal.c fails to validate the length field of a framed ISO PDU start segment. Per the Bluetooth specification a start segment sc=0 always carries a 3-byte timeoffset, so its segment-header len must be at least...
CVE-2026-9263
The CVE-2026-9263 issue affects Zephyr’s ISO Adaptation Layer (ISOAL) in the Bluetooth controller. The root cause is that framed ISO PDU start segments (sc=0) with len len - 3 to underflow when len is 0–2. This produced an oversized length (up to 253–255) that was passed to isoal_rx_append_to_sdu...
PT-2026-53986
Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.3.2 Description An authentication bypass exists in the REST API due to improper dot-segment path normalization. The API router does not normalize dot-segment sequences before the authentication middleware is applied...
CVE-2026-13513 MyScale MyScaleDB SegmentId.h getCacheKey data authenticity
A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...
SUSE CVE-2026-53288
In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of data, end segment may overflow into the next page of initpgend1 which is the gap page before earlyinitstack2: 1 crasharm64v9.0.1 vtop ffffffed00601000 VIRTUA...
GHSA-2FP4-5V5C-4448 gonic: Path Traversal in playlist `id` bypasses ownership check, enabling any user to read/delete other users' playlists
Summary The maintainer's recent fix in 6dd71e6a3c966867ef8c900d359a7df75789f410 fixsubsonic: enforce playlist ownership on getPlaylist/deletePlaylist added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controlled...
CVE-2026-53288
CVE-2026-53288 affects the Linux kernel on arm64 and concerns the early kernel mapping. The issue arises where the final part of the [data, end) segment could overflow into the next page of init_pg_end, just before early_init_stack, when using 4K pages and 2MB block entries. This creates an addit...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/64s/slb: Fixed the issue where multiple hits occurred during SLB preloading. On systems that use the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This...
PT-2026-51921
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the NTFS3 file system where the attr data get block locked function fails to load runs for vcn0 when it resides in a different attribute segment than vcn. This occurs...
GHSA-89MR-XQFV-758M Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym
Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym
Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...
JLSEC-2026-612 Path traversal in the HTTP.jl static file server via separator/absolute path segments
Description The static file server decoded the request path, split it on /, and rejected only segments exactly equal to . or ... Because URL-decoding ran before the / split, an encoded backslash %5c, a Windows drive specifier C:..., or a UNC prefix \host\share survived inside a single segment and...
Astra Linux – Vulnerability in open-iscsi
A issue was discovered in Contiki through version 3.0. An integer overflow exists in the uIP TCP/IP stack component when parsing TCP MSS options for IPv4 network packets in the uipprocess function in net/ipv4/uip.c...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Do not use DSISR for SLB faults. Since commit 46ddcb3950a2 “powerpc/mm: Show if a bad page fault on data is read or write”, we use pagefaultiswriteregs-dsisr in badpagefault to determine whether the fault is for a re...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an integer underflow leading to out-of-bounds read operations in the zgfxdecompresssegment function. In the context of CopyMemory, it’s possible to read dat...