51 matches found
CVE-2026-13533
A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...
CVE-2026-47236
Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...
CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission
Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...
EUVD-2026-36530
Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...
CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission
Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...
CVE-2026-11487 Neovim View Branch secure.lua M.read command injection
A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...
CVE-2026-11487
A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...
neovim 注入漏洞
Neovim is a modern, scalable text editor developed by Neovim OpenSource. Versions of Neovim 0.12.2 and earlier contained a vulnerability due to incorrect handling of the path parameter in the M.read function within the viewbranch component. This vulnerability could lead to command injection attac...
Fedora 45 : pcs (2026-acc29a96cf)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-acc29a96cf advisory. Automatic update for pcs-0.12.2-1.fc45. Changelog Thu Mar 5 2026 Michal Pospil - 0.12.2-1 - Rebased pcs to the newest major version see CHANGELOG.md...
CVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2...
GHSA-R2JV-FWFR-4J8C askbot inexhaustive permissions check allows any user to modify a different user's profile picture
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
askbot inexhaustive permissions check allows any user to modify a different user's profile picture
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users. This issue affects askbot: 0.12.2...
CVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2...
CVE-2026-1213 Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2...
PT-2026-4914
Name of the Vulnerable Software and Affected Versions askbot versions prior to 0.12.2 Description An authenticated attacker with normal user permissions can modify the profile picture of other application users. Recommendations Update to a version later than 0.12.2...
CVE-2026-24048
CVE-2026-24048 affects Backstage FetchUrlReader in @backstage/backend-defaults prior to v0.12.2, v0.13.2, v0.14.1, and v0.15.0. The component would follow HTTP redirects, enabling an attacker who controls a host in backend.reading.allow to redirect requests to internal/sensitive URLs outside the ...
PT-2026-3880
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...
CVE-2024-58339 LlamaIndex <= 0.12.2 VannaQueryEngine SQL Execution Allows Resource Exhaustion
LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...
LlamaIndex 安全漏洞
LlamaIndex is LlamaIndex open source a data framework for LLM applications. A security vulnerability exists in LlamaIndex 0.12.2 and earlier versions, which stems from a failure to enforce query execution restrictions in the VannaPack VannaQueryEngine implementation, which could lead to a...
CVE-2025-12843
Code Injection using Electron Fuses in waveterm on MacOS allows TCC Bypass. This issue affects waveterm: 0.12.2...