7 matches found
PT-2026-26485
Name of the Vulnerable Software and Affected Versions dagu versions 2.0.0 through 2.3.0 Description Dagu suffers from a path traversal issue due to incomplete fixes for CVE-2026-27598. The initial fix addressed path traversal in the CreateNewDAG function, but the locateDAG function still allows...
CVE-2026-23185
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mloscanstartwk mloscanstartwk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issu...
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
GHSA-P2GR-HM8G-Q772 Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
CVE-2025-14986
Temporal contains a namespace policy bypass vulnerability where, when frontend.enableExecuteMultiOperation is on, validation and feature gating for an embedded StartWorkflowExecutionRequest are evaluated against the embedded request’s Namespace instead of the outer ExecuteMultiOperationRequest.Na...
CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...