34 matches found
CVE-2026-41712
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. cherry picked from commit...
GHSA-8C4J-F57C-35CF Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
Vulnerability IDOR in GET/PATCH/DELETE /api/v1/flow/flowid The readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enabled, neither branch enforced an ownership chec...
CVE-2026-28216
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...
CVE-2025-14882 Insecure direct object reference
An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...
EUVD-2023-59116
Malicious code in bioql PyPI...
EUVD-2025-9685
Malicious code in bioql PyPI...
CVE-2025-48551
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-48551
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-48551
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-48551
CVE-2025-48551 involves an information-disclosure flaw in Android where an image can leak across the User isolation boundary due to a confused deputy. The vulnerability is local (AV:L/AC:L/PR:L/UI:R), requires user interaction, and could expose confidential data (C:H/I:N/A:N) without executing co...
CVE-2025-48551
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-48551
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
SUSE CVE-2022-50037
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. cherry picked from commit...
DEBIAN-CVE-2022-50037
In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. cherry picked from commit...
CVE-2025-3086
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service...
CVE-2025-3086
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service...
CVE-2025-3086
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service...
CVE-2025-3086
CVE-2025-3086 affects M-Files Server prior to 25.3.14549. The issue is improper isolation of users, enabling an anonymous user to affect other anonymous users’ views and potentially cause a denial of service. Affected product: M-Files Server. Root cause: improper user isolation between anonymous ...