14 matches found
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from GPA in mshv intercepting unvalidated access types and regional permissions. This vulnerability ma...
GenieACS security vulnerability
GenieACS is an open-source high-performance automatic configuration server designed for remote management of devices enabled with TR-069. Version 1.2.13 of GenieACS contains a security vulnerability, which stems from unvalidated access to the NBI API endpoint...
django-unicorn affected by component state manipulation via unvalidated attribute access
Summary: Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. Vulnerability...
GHSA-FFV6-JJ46-X367 django-unicorn affected by component state manipulation via unvalidated attribute access
Summary: Component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. Vulnerability...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: django-unicorn is a magical full-stack framework for Django. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via unvalidated attribute access within the action parsers that fail to enforce visibility...
CVE-2026-31815
CVE-2026-31815 affects django-unicorn prior to 0.67.0. The issue stems from missing access control checks during property updates and method calls, allowing an attacker to bypass _is_public protection and modify internal attributes (e.g., template_name) or trigger protected methods. Fixed in 0.67...
CVE-2026-31815 django-unicorn affected by component state manipulation via unvalidated attribute access
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modi...
EUVD-2019-11974
Malware in sbrugna...
CVE-2025-50151
CVE-2025-50151 affects Apache Jena up to version 5.4.0, where file access paths in configuration files uploaded by administrators are not validated. The issue’s root cause is the missing validation of configuration file paths, allowing potential arbitrary file access. Mitigation: upgrade to Apach...
CVE-2019-13984
Directus 7 API before 2.3.0 does not validate uploaded files. Regardless of the file extension or MIME type, there is a direct link to each uploaded file, accessible by unauthenticated users, as demonstrated by the EICAR Anti-Virus Test File...
CVE-2025-28407
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/dictId endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId...
CVE-2024-6846
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...
CVE-2022-29226
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current...
Samba Bypass Access Privilege Vulnerability
Samba is a set of programs that implement the SMB (Server Message Block) protocol, providing cross-platform file sharing and print sharing services. An access privilege bypass vulnerability exists in the shadow_copy2_get_shadow_copy_data function in the /vfs_shadow_copy2.c module in Samba versions 4.x before 4.1.2...