Lucene search
+L

66 matches found

NVD
NVD
added 2026/07/07 9:17 p.m.23 views

CVE-2026-58473

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS0.00372EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:34 p.m.6 views

CVE-2026-58473

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS6AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56255

Name of the Vulnerable Software and Affected Versions Cognee versions prior to 1.2.0 Description Improper access control allows unauthenticated attackers to overwrite the global LLM provider configuration. By self-registering an account and calling the '/api/v1/settings' endpoint, which lacks adm...

9.3CVSS6.1AI score0.00372EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:23 p.m.6 views

Security Bulletin: Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

Summary The voice mode subsystem src/backend/base/langflow/api/v1/voicemode.py contains two critical vulnerabilities that enable cross-tenant API key reuse and billing fraud. The first vulnerability involves a process-global ElevenLabs client singleton that caches the first user's API key and...

9.6CVSS5.8AI score0.00201EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/26 4:33 p.m.28 views

CVE-2026-48529

GitHub MCP Server (versions 0.22.0–1.1.2) in HTTP mode with --lockdown-mode stores RepoAccessCache as a process-global singleton initialized with the first authenticated user’s GraphQL client. All subsequent requests reuse that singleton, causing lockdown queries to run with the first user’s toke...

6CVSS5.8AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 9:32 p.m.7 views

GHSA-PJP5-FPMR-3349 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

Summary When running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL...

6CVSS5.9AI score0.00205EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/25 9:32 p.m.12 views

GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

Summary When running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL...

6CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52644

Name of the Vulnerable Software and Affected Versions GitHub MCP Server versions 0.22.0 through 1.1.1 Description When operating in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton. This singleton is initialized using the GraphQL client of t...

6CVSS5.7AI score0.00205EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/10 12:36 p.m.11 views

EUVD-2024-55616

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...

2.9CVSS5.5AI score0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48402

Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...

2.9CVSS5.5AI score0.0011EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 6:16 p.m.12 views

CVE-2026-25551

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS0.0013EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 5:20 p.m.14 views

EUVD-2026-34306

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS6.2AI score0.0013EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 5:13 p.m.31 views

CVE-2026-25550

Seagull Software BarTender 2010, 2016, and 2019 expose an unauthenticated .NET Remoting service on TCP port 7375 (BtSystem.Service.exe). BarTenderSystem (BarTender 2016 ≤ R9) and DataServiceSingleton (BarTender 2019 ≤ R10) are registered as unauthenticated singleton endpoints configured with Bina...

9.8CVSS6.5AI score0.00729EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 9:39 p.m.5 views

CVE-2026-40474

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permissionrequired = 'config.changegymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an...

7.6CVSS5.8AI score0.00333EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 1:35 a.m.7 views

wger has Broken Access Control in Global Gym Configuration Update Endpoint

Summary wger exposes a global configuration edit endpoint at /config/gym-config/edit implemented by GymConfigUpdateView. The view declares permissionrequired = 'config.changegymconfig' but does not enforce it because it inherits WgerFormMixin ownership-only checks instead of the project’s...

7.6CVSS5.8AI score0.00333EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33301

Name of the Vulnerable Software and Affected Versions wger versions prior to 2.5 Description An improper access control issue exists in the GymConfigUpdateView component. The view declares a required permission config.change gymconfig but fails to enforce it at runtime because it inherits...

7.6CVSS6.1AI score0.00333EPSS
Exploits1References14
CVE
CVE
added 2026/04/02 3:0 p.m.11 views

CVE-2026-33544

CVE-2026-33544 affects tinyauth: before v5.0.5, GenericOAuthService, GithubOAuthService, and GoogleOAuthService store PKCE verifiers and access tokens on shared singleton instances. A race between VerifyCode() and Userinfo() during concurrent OAuth logins can cause one user’s session to be popula...

7.7CVSS5.8AI score0.00338EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/02 3:0 p.m.20 views

CVE-2026-33544 Tinyauth has OAuth account confusion via shared mutable state on singleton service instances

Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...

7.7CVSS0.00338EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/02 3:0 p.m.4 views

CVE-2026-33544 Tinyauth has OAuth account confusion via shared mutable state on singleton service instances

Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...

7.7CVSS5.8AI score0.00338EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/01 7:52 p.m.10 views

Tinyauth has OAuth account confusion via shared mutable state on singleton service instances

Summary All three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent requests. When two users initiate OAuth login for the same provider...

7.7CVSS6AI score0.00338EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder