
6018 matches found

CNNVD
added 2026/02/14 12:0 a.m. | 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper checking of the isusertask auxiliary function. This vulnerability could potentially caus...

CVSS 5.5 | AI score 6 | EPSS 0.00114
Exploits 0 | References 4

CNNVD
added 2026/02/14 12:0 a.m. | 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to cancel the mloscanstartwk task. This vulnerability may lead to queuing after...

CVSS 7.8 | AI score 7 | EPSS 0.0012
Exploits 0 | References 2

NVD
added 2026/02/13 3:15 p.m. | 4 views

CVE-2026-25531

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

CVSS 4.3 | EPSS 0.00223
Exploits 1 | References 3

Cvelist
added 2026/02/13 3:4 p.m. | 26 views

CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

CVSS 4.3 | EPSS 0.00223
Exploits 1 | References 3

CVE
added 2026/02/13 3:4 p.m. | 13 views

CVE-2026-25531

Kanboard is affected by CVE-2026-25531 due to a missing permission check in the TaskCreationController::duplicateProjects() endpoint. The vulnerability allows an authenticated user to duplicate tasks into projects they should not access, enabling horizontal privilege escalation within Kanboard’s ...

CVSS 4.3 | AI score 5.5 | EPSS 0.00223
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2026/02/13 3:4 p.m. | 6 views

CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

CVSS 4.3 | AI score 5.5 | EPSS 0.00223
Exploits 1 | References 3

OSV
added 2026/02/13 3:4 p.m. | 3 views

CVE-2026-25531 Kanboard TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into...

CVSS 4.3 | AI score 5.5 | EPSS 0.00223
Exploits 1 | References 5

RedhatCVE
added 2026/02/13 1:30 a.m. | 5 views

CVE-2026-25935

Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...

CVSS 8.6 | AI score 5.5 | EPSS 0.00227
Exploits 0 | References 1

Tenable Nessus
added 2026/02/13 12:0 a.m. | 5 views

n8n Node.js Package >= 1.65.0 < 1.114.3 Unsafe Buffer Allocation Memory Disclosure (CVE-2025-61917)

The version of the n8n Node.js Package installed on the remote host is >= 1.65.0 and prior to 1.114.3. It is, therefore, affected by an information disclosure vulnerability: - The use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allows untrusted code to allocate uninitialize...

CVSS 7.7 | AI score 6 | EPSS 0.00364
Exploits 0 | References 2

NVD
added 2026/02/12 10:16 p.m. | 6 views

CVE-2026-26225

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated...

CVSS 8.5 | EPSS 0.00181
Exploits 0 | References 5

Cvelist
added 2026/02/12 9:57 p.m. | 23 views

CVE-2026-26225 Intego Personal Backup Task File Privilege Escalation

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated...

CVSS 8.5 | EPSS 0.00181
Exploits 0 | References 5

Vulnrichment
added 2026/02/12 9:57 p.m. | 4 views

CVE-2026-26225 Intego Personal Backup Task File Privilege Escalation

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated...

CVSS 8.5 | AI score 5.7 | EPSS 0.00181
Exploits 0 | References 5

ATTACKERKB
added 2026/02/12 9:57 p.m. | 5 views

CVE-2026-26225

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated...

CVSS 8.5 | AI score 5.7 | EPSS 0.00181
Exploits 0 | References 6

CVE
added 2026/02/12 9:57 p.m. | 10 views

CVE-2026-26225

Intego Personal Backup on macOS is affected by a local privilege escalation due to processing of crafted serialized task files. Task definitions are stored in a location writable by non-privileged users, but are processed with elevated privileges, allowing an attacker to perform arbitrary file wr...

CVSS 8.5 | AI score 5.7 | EPSS 0.00181
Exploits 0 | References 5

OSV
added 2026/02/12 8:39 a.m. | 3 views

BIT-AIRFLOW-2026-22922 Apache Airflow: Airflow externalLogUrl Permission Bypass

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

CVSS 6.5 | AI score 5.4 | EPSS 0.00382
Exploits 0 | References 4

Positive Technologies
added 2026/02/12 12:0 a.m. | 5 views

PT-2026-7916

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. Backup task definitions are stored in a location writable by non-privileged users while being processed with elevated...

CVSS 8.5 | AI score 5.7 | EPSS 0.00181
Exploits 0 | References 6

CNNVD
added 2026/02/12 12:0 a.m. | 5 views

Intego Personal Backup link following vulnerability

Intego Personal Backup is a backup tool developed by the Intego company. Intego Personal Backup has a post-installation vulnerability that stems from the fact that backup task definitions are stored in a location that can be written to by non-privileged users. However, these tasks are processed...

CVSS 8.5 | AI score 6.8 | EPSS 0.00181
Exploits 0 | References 5

ATTACKERKB
added 2026/02/11 8:49 p.m. | 5 views

CVE-2020-37153

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

CVSS 9.8 | AI score 5.7 | EPSS 0.04428
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2026/02/11 8:49 p.m. | 5 views

CVE-2020-37153 ASTPP VoIP 4.0.1 - Remote Code Execution

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

CVSS 9.8 | AI score 5.7 | EPSS 0.04428
Exploits 1 | References 4

Cvelist
added 2026/02/11 8:49 p.m. | 23 views

CVE-2020-37153 ASTPP VoIP 4.0.1 - Remote Code Execution

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

CVSS 9.8 | EPSS 0.04428
Exploits 1 | References 4