11545 matches found
EUVD-2026-44670
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...
undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...
CVE-2026-50356
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally...
CVE-2026-49784
Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Windows App Store allows an authorized attacker to elevate privileges locally...
CVE-2026-49165
Use of uninitialized resource in Microsoft Windows App Store allows an authorized attacker to disclose information locally...
CVE-2026-42900
Concurrent execution using shared resource with improper synchronization 'race condition' in Windows App Store allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-50356 Microsoft Windows App Store Elevation of Privilege Vulnerability
...
CVE-2026-50356
CVE-2026-50356 describes a race-condition in Microsoft Windows App Store caused by concurrent execution using a shared resource with improper synchronization. This allows a locally authenticated attacker to elevate privileges. The fixed details or patch versions are not provided in the connected ...
CVE-2026-50356 Microsoft Windows App Store Elevation of Privilege Vulnerability
...
CVE-2026-49784 Microsoft Windows App Store Elevation of Privilege Vulnerability
...
CVE-2026-49784
Summary: CVE-2026-49784 describes a race condition in the Microsoft Windows App Store caused by concurrent access to a shared resource with improper synchronization. The vulnerability allows an authorized local attacker to elevate privileges. The reported CVSS v3.1 vector is AV:L/AC:H/PR:L/UI:N/S...
CVE-2026-49784 Microsoft Windows App Store Elevation of Privilege Vulnerability
...
CVE-2026-49165
The CVE-2026-49165 entry concerns the Microsoft Windows App Store. The connected sources confirm that the vulnerability arises from use of an uninitialized resource, enabling an authorized local attacker to disclose information. Impact is information disclosure with local access; CVSS 3.1 factors...
CVE-2026-49165 Microsoft Windows App Store Information Disclosure Vulnerability
...
CVE-2026-49165 Microsoft Windows App Store Information Disclosure Vulnerability
...
CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability
...
CVE-2026-42900
The CVE-2026-42900 entry concerns a race condition caused by improper synchronization in the Windows App Store. Reported impact is privilege elevation over a network, implying an unauthorized attacker could exploit a timing-related flaw to escalate access. Documents consistently describe a concur...
CVE-2026-42900 Microsoft Windows App Store Elevation of Privilege Vulnerability
...
CVE-2026-52839 Easy!Appointments appointments/store and appointments/update allow cross-provider appointment injection — Authorization Bypass
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 correctly filter provider-scoped appointments in the appointments/search response, proving that provider isolation is an intended security boundary. However, the direct mutation endpoints appointments/store and...
CVE-2026-52839
Easy!Appointments versions before 1.6.0 allow cross-provider appointment injection via unauthorized use of the store and update endpoints. The vulnerability arises because store/update do not verify that id_users_provider belongs to the current session, enabling a provider to add or reassign appo...