SpiceDB: Caveat structures with nested lists can result in improper cache reuse
Impact Users are impacted if: - They have a caveat structure with a nested list, e.g.: zed caveat shapex list x == "a", "b" - Their system exercises that caveat with either CheckBulkPermission or else LookupResources running with the --experimental-lookup-resources-version flag set to lr3, implyi...
PT-2026-42696
Impact Users are impacted if: - They have a caveat structure with a nested list, e.g.: zed caveat shapex list x == "a", "b" - Their system exercises that caveat with either CheckBulkPermission or else LookupResources running with the --experimental-lookup-resources-version flag set to lr3, implyi...
CVE-2026-2729
The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...
CVE-2026-25123
Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...
EUVD-2026-5564
Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...
CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping
Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...
CVE-2026-25123
Homarr (open-source dashboard) prior to version 1.52.0 contains an unauthenticated tRPC endpoint widget.app.ping that accepts an arbitrary URL and performs a server-side request. This enables SSRF from the Homarr server and can be used as a port-scanning primitive (open vs closed ports inferred f...
homarr code issue vulnerability
Homarr is a customizable browser homepage developed by Thomas Camlong, used to interact with the Docker containers of the main server. Versions of Homarr prior to 1.52.0 contained code vulnerabilities. These vulnerabilities stemmed from unvalidated tRPC endpoints that accepted arbitrary URLs and...
EUVD-2021-2349
Malware in sbrugna...
EUVD-2020-23862
Malware in sbrugna...
EUVD-2018-11891
Malware in sbrugna...
GHSA-GP2F-254M-RH32 Unauthorized access to data in @sap-cloud-sdk/core
Impact This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its...
CVE-2021-41251
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
Design/Logic Flaw
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
CVE-2021-41251 Possibility to elevate privileges or get unauthorized access to data
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
rust: double free in Vec::from_iter function if freeing the element panics
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics...
rust: integer overflow in the Zip implementation can lead to a buffer overflow
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...
CVE-2021-28878
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked more than once for the same index under certain conditions when next_back and next are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the...