9 matches found
CVE-2026-46699
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...
CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...
CVE-2026-46699
CVE-2026-46699 affects the conda-smithy tool. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories due to using mutable GitHub usernames as identifiers for repository invitation routing, instead of stable GitHu...
PT-2026-50794
Name of the Vulnerable Software and Affected Versions: conda-smithy versions prior to 3.61.0. Description: conda-smithy is a tool that combines a conda recipe with configurations to build using freely hosted CI services into a single repository. A flaw in the conda-forge automated webservices allows...
PT-2026-30250
Name of the Vulnerable Software and Affected Versions: OAuthenticator versions prior to 17.4.0. Description: OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. An authentication bypass issue exists that allows an attacker with an unverified...
GHSA-Q82V-H4RQ-5C86 Rancher update on users can deny the service to the admin
Impact: A vulnerability has been identified within Rancher Manager where a missing server-side validation on the .username field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts. Specifically: - Username takeover: A user wit...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization. An attacker with the Manage Users permission can prevent legitimate users, including administrators, from accessing the platform by modifying usernames to cause account lockouts or username takeovers. Workaround...
Omise: Facebook Username Takeover via Broken Link in Footer
The Facebook username associated with the broken link in the footer was available for takeover. This could have allowed an attacker to create a fake Facebook page and mislead users into trusting it...
RCE due to a dependency confusion
Description: Hi team, I hope you are well. I found a dependency confusion vulnerability in this repo. When I analyzed your repo, I found a Makefile which installs a dependency: https://github.com/openziti/ziti/blob/271614d50df5535cf99ad0882649ae0ef7bb88a2/ziti/MakefileL155 go get...