66 matches found
CVE-2026-58473
Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...
CVE-2026-58473
Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...
PT-2026-56255
Name of the Vulnerable Software and Affected Versions Cognee versions prior to 1.2.0 Description Improper access control allows unauthenticated attackers to overwrite the global LLM provider configuration. By self-registering an account and calling the '/api/v1/settings' endpoint, which lacks adm...
Security Bulletin: Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem
Summary The voice mode subsystem src/backend/base/langflow/api/v1/voicemode.py contains two critical vulnerabilities that enable cross-tenant API key reuse and billing fraud. The first vulnerability involves a process-global ElevenLabs client singleton that caches the first user's API key and...
CVE-2026-48529
GitHub MCP Server (versions 0.22.0–1.1.2) in HTTP mode with --lockdown-mode stores RepoAccessCache as a process-global singleton initialized with the first authenticated user’s GraphQL client. All subsequent requests reuse that singleton, causing lockdown queries to run with the first user’s toke...
GHSA-PJP5-FPMR-3349 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
Summary When running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL...
GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
Summary When running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL...
PT-2026-52644
Name of the Vulnerable Software and Affected Versions GitHub MCP Server versions 0.22.0 through 1.1.1 Description When operating in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton. This singleton is initialized using the GraphQL client of t...
EUVD-2024-55616
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
PT-2026-48402
Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability singletons. Attackers can trigger an infinite loop or denial of service during shutdown by exploiti...
CVE-2026-25551
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
EUVD-2026-34306
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
CVE-2026-25550
Seagull Software BarTender 2010, 2016, and 2019 expose an unauthenticated .NET Remoting service on TCP port 7375 (BtSystem.Service.exe). BarTenderSystem (BarTender 2016 ≤ R9) and DataServiceSingleton (BarTender 2019 ≤ R10) are registered as unauthenticated singleton endpoints configured with Bina...
CVE-2026-40474
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permissionrequired = 'config.changegymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an...
wger has Broken Access Control in Global Gym Configuration Update Endpoint
Summary wger exposes a global configuration edit endpoint at /config/gym-config/edit implemented by GymConfigUpdateView. The view declares permissionrequired = 'config.changegymconfig' but does not enforce it because it inherits WgerFormMixin ownership-only checks instead of the project’s...
PT-2026-33301
Name of the Vulnerable Software and Affected Versions wger versions prior to 2.5 Description An improper access control issue exists in the GymConfigUpdateView component. The view declares a required permission config.change gymconfig but fails to enforce it at runtime because it inherits...
CVE-2026-33544
CVE-2026-33544 affects tinyauth: before v5.0.5, GenericOAuthService, GithubOAuthService, and GoogleOAuthService store PKCE verifiers and access tokens on shared singleton instances. A race between VerifyCode() and Userinfo() during concurrent OAuth logins can cause one user’s session to be popula...
CVE-2026-33544 Tinyauth has OAuth account confusion via shared mutable state on singleton service instances
Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...
CVE-2026-33544 Tinyauth has OAuth account confusion via shared mutable state on singleton service instances
Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...
Tinyauth has OAuth account confusion via shared mutable state on singleton service instances
Summary All three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent requests. When two users initiate OAuth login for the same provider...