14 matches found
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the `input.parsed_path` field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes `//` as...
CVE-2021-22192
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server...
Foxit PDF Editor Security Vulnerability
Foxit PDF Editor is a PDF editor from the Chinese company Foxit. A security vulnerability exists in Foxit PDF Editor versions prior to 13.2 and 2025 2025.2, which originates from a specially crafted JavaScript call to search.query that results in an out-of-bounds read, which may lead to...
CVE-2024-56089
An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack...
Scrapy Resource Management Error Vulnerability
Scrapy is a free and open source web crawler framework written in Python by Scrapy Open Source. A resource management error vulnerability exists in Scrapy 2.13.2 and earlier versions, which stems from a flaw in the brotli decompression implementation that could lead to a denial of service attack...
CVE-2024-6838
In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...
FreeBSD Security Vulnerabilities
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD that stems from a denial-of-service (DoS) vulnerability in which the pf4 packet filter does not properly validate TCP sequence numbers. Affected products and versions: FreeBSD...
Vulnerabilities fixed in SugarCRM
Vulnerabilities have been fixed in SugarCRM. A malicious party can exploit the vulnerabilities to conduct a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the context of the victim's browser, or access to sensitive data in the context of the victim's...
CVE-2022-33736
A vulnerability has been identified in Opcenter Quality V13.1 All versions V13.1.20220624, Opcenter Quality V13.2 All versions V13.2.20220624. The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing...
Siemens Jt2go Buffer Error Vulnerability
Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens, a German company. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds write vulnerability exists in Siemens JT2Go versions pri...
Siemens Jt2go and Siemens Teamcenter Visualization Buffer Error Vulnerability
Siemens Jt2go and Siemens Teamcenter Visualization are both products of the German company Siemens. Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds write vulnerability...
GitLab Input Validation Error Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab...
CVE-2019-8793
A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local user may be able to record the screen without a visible screen recording indicator...
DEBIAN-CVE-2018-16889
Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...