CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

CVE-2026-41712

The CVE-2026-41712 entry concerns Spring AI's chat memory component, where a problematic default (DEFAULT_CONVERSATION_ID) can cause cross-user data exposure when not explicitly overridden. Affected element: the chat memory/session handling; root cause: default configuration that ties user conver...

Missing Authorization

Overview org.springframework.ai:spring-ai-openai is an OpenAI models support Affected versions of this package are vulnerable to Missing Authorization via the default configuration of the Spring AI chat memory component. An attacker can access data from other users when DEFAULTCONVERSATIONID is n...

CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...

CVE-2026-35367

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

CVE-2026-35367

The CVE concerns the nohup utility from the uutils coreutils project, where nohup.out is created without explicit restricted permissions, causing it to inherit umask-based permissions (typically 0644) and become world-readable. This differs from GNU coreutils, which creates nohup.out with owner-o...

OpenMage Magento Lts（Magento） 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authorization logic for adding shared wish lists to the shopping car...

CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...

CVE-2026-30231

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

AWS CLI: cli_history database does not restrict file permissions on Unix systems

Summary AWS CLI is a command line tool for interacting with AWS services. When the clihistory feature is enabled, the history database file is created with default permissions, potentially allowing other local users on a multi-user system to read the file. Impact When clihistory is enabled, AWS C...

CVE-2025-67860 NeuVector scanner insecurely handles passwords as command arguments

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

OpenSTAManager SQL注入漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager 2.9.8 and earlier contained a SQL injection vulnerability. This vulnerability stemmed from the idanagrafica parameter in the Scadenzario print template being...

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat version 6.12.0 and earlier, which stems from the API endpoint GET /api/v1/oauth-apps.get being exposed to any authenticated user, potentially leading to the disclosure of sensitive information...

Authorization Bypass

Axios Cache Interceptor is vulnerable to an Authorization Bypass. The vulnerability is due to improper cache key generation, where cached responses are keyed only by URL and ignore the Authorization header and Vary: Authorization, causing responses generated for one user’s auth token to be reused...

CVE-2023-45369

An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed...

CVE-2019-12743

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits including self-hosted ones by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure...

EUVD-2025-199604

Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level including standard or low-privileged users, can make a GET request to this endpoint and retrieve a...

CVE-2025-11237

The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options...

CVE-2025-12779

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract...