3866 matches found
CVE-2026-41191 FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...
CVE-2026-41191 FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...
CVE-2026-41191
FreeScout vulnerability detail: before 1.8.215, MailboxesController::updateSave() persists chat_start_new outside the allowed-field filter. A user with only the mailbox sig permission can alter the hidden mailbox-wide chat setting via direct POST, despite UI restricting to the signature field. Ve...
EUVD-2026-24197
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chatstartnew outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...
PT-2026-34031
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chat start new outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011312 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: fbcon: release buffer when fbcondosetfont failed syzbot is reporting memory leak at...
EUVD-2026-23838
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
GHSA-GQP3-HFC3-8Q54 Memos has an Incorrect Privilege Assignment issue
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
Memos has an Incorrect Privilege Assignment issue
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
CVE-2026-6634
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
CVE-2026-6634
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
CVE-2026-6634 usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
CVE-2026-6634 usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization
A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...
EUVD-2026-23783
A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...
CVE-2026-6610 liangliangyy DjangoBlog Setting settings.py hard-coded credentials
A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...
EUVD-2026-23710
A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...
PT-2026-33756
Name of the Vulnerable Software and Affected Versions usememos memos versions prior to 0.22.2 Description Improper authorization occurs in the UpdateInstanceSetting component within the file src/App.tsx. Specifically, manipulating the additionalStyle or additionalScript arguments in the memos...
Memos 安全漏洞
Memos is an open-source memo center with knowledge management and social features, hosted on a server. Memos versions 0.22.1 and earlier have a security vulnerability. This vulnerability stems from improper handling of the parameters additionalStyle/additionalScript in the UpdateInstanceSetting...
PT-2026-33716
A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...
CVE-2026-6578
Summary: CVE-2026-6578 affects the DjangoBlog app by liangliangyy up to version 2.1.0.0. The issue is located in djangoblog/settings.py (Setting Handler) where manipulating the SECRET_KEY leads to hard-coded credentials. It is possible to launch an attack remotely with high complexity, and the ex...