4 matches found
CVE-2026-44679
Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...
CVE-2026-44679
CVE-2026-44679 affects Tuist. Before 1.180.10, the forgot-password flow allows an unauthenticated attacker to repeatedly trigger password-reset emails for a known account without server-side throttling, enabling potential email spamming and downstream resource consumption in self-hosted deploymen...
CVE-2026-23939
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...
CVE-2026-23939
The CVE-2026-23939 issue affects the Local Storage backend of hexpm (Elixir.Hexpm.Store.Local) used in self-hosted deployments. The vulnerability is a path traversal flaw in local storage routines get/3, put/4, delete/2, and delete_many/2 within lib/hexpm/store/local.ex, allowing relative path tr...