NocoDB: Shared-base link access can invite arbitrary users as persistent base members
NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord, Mattermost, Teams)
NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement
SpiceDB: Caveat structures with nested lists can result in improper cache reuse
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
Snappy: Binary path is never shell-escaped due to an inverted is_executable check
Snappy: SSRF and local file read via the xsl-style-sheet option
Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables
The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with Subscriber-level access an...
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that passes...
Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read
Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger
Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the PREREQFUNCTION-based private IP check was not applied to HTTPRequest (used by the parse_urls API). An authenticated attacker can supply a URL pointing to an attacker-controlled server that responds with...
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item