88 matches found
CVE-2026-46656
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-46657
Bludit CMS prior to 3.22.0 has a vulnerability in user management: when an administrator disables a user, tokenAuth and tokenRemember in the JSON database are not invalidated. As a result, users with an existing Remember Me cookie can bypass disablement and remain authenticated. This issue impact...
EUVD-2026-35085
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...
CVE-2026-46656
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
EUVD-2026-35081
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
PT-2026-47328
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the sdlPointerNew function freed memory upon failure. However, after that function called pointerfree, it would call sdlPointerFree to free the memory again, triggering a Universal Address Fault UAF in ASan...
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, a capture thread sent sample responses using a freed channel callback after a device channel was closed, resulting in a use of memory after deallocation in ecamchannelwrite. This vulnerability has been fixed...
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the URBDRC client used server-supplied interface numbers as array indices without bounds checks, resulting in a out-of-bounds read in libusbudevselectinterface. This vulnerability has been fixed in version...
CVE-2026-42047
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...
Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...
PT-2026-37248
Name of the Vulnerable Software and Affected Versions Inngest versions 3.22.0 through 3.53.1 Description Unauthenticated remote attackers can exfiltrate environment variables from the host process via the 'serve' HTTP handler. While the 'serve' handler implements GET, POST, and PUT methods,...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010675)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010675 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010672)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010672 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010676)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010676 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, videotimer can send client notifications after the control channel is closed,...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010664)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010664 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is close...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007202)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007202 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007208)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007208 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audinserverrecvformats frees an incorrect number of audio formats on parse failure ...