SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected
OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types
OpenBao's System Backend allows Unauthorized Management of the containing Namespace
OpenBao: Cross-namespace lease revocation/renewal via canonical sys/leases/{revoke,renew} โ incomplete fix of CVE-2026-45808
OpenBao: LDAPi ldaputil (wrong escape func)
StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled
Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token Exposure
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
Langflow: Unauthenticated DoS through multipart form boundary file upload
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons (%3B) to smuggle matrix parameters past the security layer, ...
Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the plane allocation size ...
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object that has no active image unit, resulting in at...
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate bound check on predic...
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an access control rule may be...
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
Langflow: Logout button does not clear session
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task `inputFiles` writes rendered file names directly under the task working directory. When a flow forwards untrusted execution or webhook data into an `inputFiles` file name,...
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.