CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

May 28, 2026

OpenStack Keystone Federated Token Rescoping Vulnerability Allowing Authentication Expiry Bypass

A vulnerability exists in OpenStack Keystone's federated token rescoping mechanism, specifically in versions prior to 29.0.2. When a federated user rescopes a token, the original token's expiry is not transferred to the new token. Instead, the token provider issues a new token with a default time-to-live (TTL). This flaw allows users to extend their access indefinitely by repeatedly rescoping tokens before they expire, circumventing configured token lifetime policies. The issue arises only in deployments using federated identity protocols such as SAML2 or OpenID Connect.

5.0
May 28, 2026

Local Deep Research HTML Injection Vulnerability Leading to Server-Side Request Forgery

A vulnerability in Local Deep Research versions prior to 1.6.0 allows for HTML injection via unescaped user input in the PDF export feature. The issue arises in the PDFService._markdown_to_html() method, where user-controlled values such as the research title and metadata are interpolated into an HTML document without proper escaping. An authenticated attacker can exploit this by crafting a research query that includes HTML special characters, injecting arbitrary HTML tags that are processed by WeasyPrint during PDF export. This injection can be leveraged to perform Server-Side Request Forgery (SSRF) attacks, bypassing the application's existing SSRF defenses.

3.7
May 28, 2026

OpenStack Keystone User Impersonation and Privilege Escalation Vulnerability

A vulnerability in OpenStack Keystone prior to version 29.0.2 allows for user impersonation and unauthorized privilege escalation. When an attacker with the member role on a project exploits this vulnerability, they can impersonate a user with higher privileges and escalate their own role to admin. This is achieved by injecting a 'user' field into the application credential authentication payload, which Keystone improperly validates. The impersonated token carries the victim's identity, enabling the attacker to create a trust that delegates administrative roles. All actions performed under the escalated privileges are logged under the victim's identity.

5.1
May 28, 2026

OpenStack Keystone RBAC Policy Target Injection Vulnerability

A vulnerability exists in OpenStack Keystone versions prior to 29.0.2, allowing authenticated users to inject arbitrary policy target attributes via the JSON request body. This injection bypasses role-based access control (RBAC) checks, enabling unauthorized operations on resources belonging to other users or projects. The vulnerability arises because the Keystone RBAC policy enforcer unconditionally merges the raw JSON request body into the policy enforcement dictionary, overwriting trusted target data from database lookups. Exploitation is possible regardless of the Content-Type or HTTP method, due to the use of 'force=True' in the 'get_json' method.

5.2
May 28, 2026

OpenStack Keystone User Impersonation and Privilege Escalation Vulnerability

A vulnerability in OpenStack Keystone versions prior to 29.0.2 allows for user impersonation via the application credential authentication plugin. The vulnerability arises because the plugin does not verify that the user specified in the authentication request belongs to the owner of the application credential. This flaw enables an attacker to authenticate using their own application credential ID and secret while falsely representing another user's name and domain. As a result, Keystone issues a token associated with the victim user, which can be used to evade audits, access the victim's credentials, and act on their behalf in shared projects. Additionally, this impersonation can be combined with trusts to escalate privileges from member to admin within a project.

5.0
May 28, 2026

SourceBans Material Admin Arbitrary File Upload Vulnerability Allowing Remote Code Execution

A vulnerability allowing arbitrary file upload has been identified in SourceBans Material Admin version 1.1.6 prior to 1.1.6@fb18342. This vulnerability exists in the 'pages/admin.uploadmapimg.php' component, where the upload handler only checks the file's reported Content-Type and PHP upload error code. This allows authenticated attackers with the ADMIN_ADD_SERVER flag to bypass the Content-Type validation and upload malicious files, such as PHP shells, which can be executed on the server.

4.2
May 28, 2026

SourceBans Material Admin SQL Injection Vulnerability Allowing Privilege Escalation and Account Takeover

A SQL injection vulnerability has been identified in SourceBans Material Admin versions prior to 1.1.6, specifically in the ChangeAdminsInfos endpoint. This vulnerability allows authenticated attackers to manipulate user data by injecting malicious payloads into profile link fields. The injection exploits a flaw in how user input is sanitized, leading to unauthorized modifications of admin credentials and privileges. Additionally, the absence of CSRF protection on this endpoint enables a one-click account takeover by chaining a cross-site request forgery with the SQL injection.

4.2
May 28, 2026

pyLoad SSRF Vulnerability via HTTP Redirect Bypass in parse_urls API

A server-side request forgery (SSRF) vulnerability has been identified in pyLoad, a Python-based download manager, in versions prior to 0.5.0b3.dev100. The issue arises because the private IP check, based on the PREREQFUNCTION, was not properly applied to the HTTPRequest used by the parse_urls API. This oversight allows an authenticated attacker to send a URL that redirects to an internal or private IP address, bypassing the is_global_host() validation. The vulnerability exploits the default setting of HTTPRequest to allow private IPs, enabling access to cloud metadata or internal services.

4.1
May 28, 2026

Electerm Deterministic AES-192-CBC Encryption Vulnerability Leading to Confidentiality and Integrity Issues

A vulnerability exists in Electerm versions prior to 3.9.5, where the encryption method used for syncing bookmark and profile data is insecure. The application employs deterministic AES-192-CBC encryption with a fixed zero initialization vector (IV), a constant key derivation function (KDF) salt, and no message authentication code (MAC). This flaw allows attackers to decrypt data by cracking common passwords used across different installations and to manipulate configuration or bookmark data by undetected bit-flipping of the ciphertext.

3.0
May 28, 2026

CodeWhale Task Creation Tool Insecure Defaults Allowing Unrestricted Shell Access

A vulnerability in CodeWhale, a DeepSeek + MiMo coding agent, prior to version 0.8.26, allows for unauthorized shell access through the task_create tool. The vulnerability arises because sub-agents spawned by task_create inherit two insecure default settings: allow_shell, which defaults to true, and auto_approve, which also defaults to true. When a user approves a task_create call, they believe they are authorizing a benign work prompt. However, the sub-agent receives unrestricted shell access without additional approval. This issue is fixed in version 0.8.26.

4.3
May 28, 2026

CodeWhale SSRF Vulnerability in DeepSeek + MiMo Coding Agent

A server-side request forgery (SSRF) vulnerability has been identified in CodeWhale, a DeepSeek + MiMo coding agent, prior to version 0.8.26. The issue arises because, although SSRF is normally validated against hostnames that resolve to private IPv6 addresses, the validation fails when the IPv6 address '::1' is used in the URL. This allows access to local restricted resources.

3.4
May 28, 2026

Electerm Local Code Execution Vulnerability

A local code execution vulnerability has been identified in Electerm versions 3.0.6 through 3.8.8. This issue allows any process of the same user to send a JSON payload to Electerm's single-instance socket or pipe. As a result, the application can be manipulated to create new tabs and potentially execute local processes controlled by the attacker. This vulnerability affects Electerm installations that are configured to run as a single instance on the user's machine.

3.1
May 28, 2026

pyLoad Stored Cross-Site Scripting Vulnerability in Package Links

A stored cross-site scripting vulnerability has been identified in pyLoad versions prior to 0.5.0b3.dev100. The issue arises in the packages.js template, where user-submitted package link URLs are interpolated into a template literal without proper HTML escaping. This unsanitized injection allows an attacker to execute JavaScript in the browser of any user who opens the downloads view. The vulnerability is exacerbated by the absence of a Content Security Policy that would restrict inline scripts or event handlers.

4.4
May 28, 2026

MeshCore Card HTML Injection Vulnerability Leading to Cross-Site Scripting in Home Assistant

A cross-site scripting vulnerability has been identified in the MeshCore Lovelace card for Home Assistant, affecting versions prior to 0.3.3. The issue arises because MeshCore node names are rendered without proper HTML escaping, allowing nodes within direct or indirect radio range to execute arbitrary JavaScript in the Home Assistant frontend for anyone viewing the card. This vulnerability is particularly critical as it can be exploited without any user interaction, simply by viewing the affected dashboard.

3.7
May 28, 2026

CodeWhale DeepSeek + MiMo Coding Agent Run Tests Tool Vulnerability Allowing Remote Code Execution

A vulnerability in CodeWhale, specifically in the DeepSeek + MiMo coding agent, versions 0.3.0 prior to 0.8.23, allows the run_tests tool to execute cargo test in the workspace with automatic approval. This design choice creates a security inconsistency, as it enables test code in a malicious repository to run arbitrary shell commands, exfiltrate credentials, or establish persistence without user consent. The vulnerability is exacerbated by AGENTS.md, which can prompt the model to run tests at the beginning of a session.

4.3
May 28, 2026

CodeWhale SSRF Vulnerability via HTTP Redirect Bypass

A server-side request forgery (SSRF) vulnerability has been identified in CodeWhale, a DeepSeek + MiMo coding agent for the terminal, in versions prior to 0.8.22. The issue arises in the fetch_url tool, which initially validates URLs against a restricted-IP blocklist to prevent SSRF attacks on internal services, such as cloud metadata endpoints and private networks. However, the HTTP client used in fetch_url is set to automatically follow redirects without re-checking the redirect target against the same SSRF protections. This flaw allows an attacker to bypass the SSRF safeguards and access restricted internal services.

4.2
May 28, 2026

Speakr Open Redirect Vulnerability in URL Validation Helper

An open redirect vulnerability has been identified in Speakr, a self-hosted web application for transcribing audio recordings, in versions prior to 0.8.20-alpha. The issue arises in the is_safe_url() helper, which validates post-login redirect targets. The helper incorrectly processed scheme-relative URLs by resolving them to the same host during validation, while the raw URL was sent unmodified in the Location header. This allowed for redirection to an attacker-controlled site after login, potentially initiating phishing attacks from a trusted Speakr deployment.

4.2
May 28, 2026

pyLoad Storage Folder Bypass Vulnerability via Flask Session Directory Allowing Account Takeover

A vulnerability in pyLoad, a Python-based download manager, allows authenticated attackers to bypass storage folder restrictions and access other users' session files, leading to account takeover. This issue affects pyLoad versions prior to 0.5.0b3.dev100. The vulnerability arises because the fix for CVE-2026-33509 did not account for the Flask session directory, allowing attackers to manipulate session storage and steal session files through the application's file retrieval endpoint.

4.3
May 28, 2026

OpenReplay Cross-Tenant IDOR Vulnerability in Feature-Flag and Assist-Stats Routes

A cross-tenant Insecure Direct Object Reference (IDOR) vulnerability has been identified in OpenReplay versions prior to 1.26.0. This issue arises in the feature-flag and assist-stats routes due to a case mismatch in the project_id parameter. In the ProjectAuthorizer.__call__ method, the authorization checks are only performed when the project identifier is set to 'projectId' (camelCase). In the Enterprise Edition (EE) multi-tenant environment, feature-flag queries only consider the project_id, ignoring the tenant_id. As a result, an authenticated user in one tenant can access, modify, or delete feature-flag data belonging to another tenant by sequentially iterating through project and feature flag IDs. Additionally, the assist-stats routes can unintentionally expose cross-tenant session analytics. This vulnerability does not affect the OpenReplay Open Source (OSS) version, which is designed to be single-tenant.

2.5
May 28, 2026

OpenReplay Cross-Tenant Information Disclosure Vulnerability in Python API

A cross-tenant information disclosure vulnerability has been identified in OpenReplay's Python API, prior to version 1.26.0. The issue arises in several 'app_apikey' routes that accept a caller-provided 'projectKey'. The API only validates the authenticity of the API key and the existence of the projectKey, without ensuring that both belong to the same tenant. This flaw allows an attacker with a valid API key to access another tenant's project by reusing its public projectKey. Exploitation of this vulnerability enables the attacker to enumerate user sessions and retrieve sensitive session event data from the targeted tenant.

3.5
May 28, 2026

Electerm Persistent Local-PTY Code Execution Vulnerability

A vulnerability in Electerm versions through 3.8.8 allows for persistent local pseudo-terminal code execution. This issue arises from imported bookmark JSON files or compromised synchronization targets, such as Gist or WebDAV. Attackers can inject executable fields or global configuration settings, leading to remote code execution when the bookmark is accessed or during the synchronization process.

2.4
May 28, 2026

Kuma Admin Token Leakage Vulnerability via Cross-Origin Resource Sharing

A vulnerability in Kuma's default control plane configuration allows the admin bootstrap token and signing keys to be leaked to any webpage the operator visits. This issue affects Kuma versions prior to 2.7.25, 2.9.0 through 2.9.15, 2.11.0 through 2.11.13, 2.12.0 through 2.12.10, and 2.13.0 through 2.13.5. The vulnerability arises because the default CORS settings allow any origin, and the 'LocalhostIsAdmin' feature promotes requests from localhost to admin status. As a result, a cross-origin fetch from a malicious site can retrieve the admin JWT and signing materials.

4.0
May 28, 2026

Nautobot GitRepository Current Head Field Overwrite Vulnerability

A vulnerability exists in Nautobot versions prior to 2.4.33 and 3.1.2, allowing users with permission to modify GitRepository records to improperly edit the current_head field via the REST API. This unintentional edit could lead to Nautobot's local repository clones checking out incorrect commits, creating a misleading state, or causing the repository to become unusable until manually fixed. The issue has been addressed in Nautobot versions 2.4.33 and 3.1.2.

4.3
May 28, 2026

Nautobot Webhook Server-Side Request Forgery Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Nautobot versions prior to 2.4.33 and 3.1.2. This vulnerability allows users with sufficient access to configure webhooks that can send requests to hosts and IP addresses that should be blocked. The issue arises from the webhook data model's flexibility, which could be exploited to perform unauthorized requests.

4.2
May 28, 2026

Nautobot Regular Expression Denial-of-Service Vulnerability in Bulk Rename UI Actions

A denial-of-service vulnerability has been identified in Nautobot's object-bulk-rename UI endpoints, such as '/dcim/interfaces/rename/'. This issue affects Nautobot versions prior to 2.4.33 and 3.1.2. The vulnerability arises when users craft malicious regular expressions in the 'find' field, particularly when the 'use_regex' option is enabled. Such crafted expressions can cause the application to hang indefinitely, leading to a significant degradation of service.

4.4
May 28, 2026

Nautobot GenericForeignKey Permission Enforcement Vulnerability

A vulnerability exists in Nautobot's REST API prior to versions 2.4.33 and 3.1.2, allowing users to create or update objects with GenericForeignKey references to other objects without proper view permissions. This could lead to unauthorized access to certain objects, such as Devices, by exploiting the GenericForeignKey feature. The issue affects several models that use GenericForeignKey and may be writable via the REST API, including ImageAttachment, ContactAssociation, and others.

4.3
May 28, 2026

SandboxJS Function.caller Leakage Vulnerability Allowing Sandbox Escape and Remote Code Execution

A vulnerability in SandboxJS versions prior to 0.9.6 allows sandboxed functions to access Function.caller. This exposure lets the sandboxed code retrieve a sensitive internal callback, which can be manipulated to extract restricted host information, access the real host Function constructor, and execute arbitrary JavaScript in the host environment. The issue arises from the property access logic that fails to properly restrict access to certain function properties, enabling the leakage of a privileged callback that can be exploited to bypass the sandbox's security measures.

4.4
May 28, 2026

TP-Link Tapo Products Bluetooth Unencrypted Communication Vulnerability Allowing Unauthorized Control

A vulnerability exists in TP-Link Tapo L535E (versions 1.0 and 3.0), Tapo P300 (version 1.0), and Tapo D100C (version 1.0). During the initial setup, Bluetooth communication is transmitted in cleartext without encryption. This vulnerability could be exploited by an attacker within Bluetooth range using sniffing or man-in-the-middle techniques, potentially allowing eavesdropping on the communication, manipulation of setup data, and unauthorized control of the device.

4.0
May 28, 2026

Casdoor SAML Callback Handler Unverified Assertion Processing Vulnerability

A vulnerability exists in Casdoor versions through 2.362.0, where the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs. This acceptance occurs without verifying that the response corresponds to an AuthnRequest previously issued by Casdoor. Furthermore, if an administrator disables or deletes an Identity Provider (IdP) after a SAML flow has started, the handler processes the response using the provider snapshot from the beginning of the request. Consequently, an attacker controlling a registered upstream IdP can send unsolicited SAML responses or replay a captured response in a different session or after the original flow has ended. In both scenarios, Casdoor accepts the response, issues a session, and enables persistent unauthorized access.

5.4
May 28, 2026

Casdoor JWT Token Exchange Vulnerability Allows Privilege Escalation

A vulnerability in Casdoor's token exchange mechanism in versions through 2.362.0 allows for unauthorized privilege escalation. The issue arises because the 'GetTokenExchangeToken()' function validates the JWT signature and claims but fails to check if the token has been revoked or invalidated. As a result, administrators cannot terminate active sessions or revoke compromised tokens, potentially allowing malicious tokens to be exchanged for elevated privileges.

5.2
May 28, 2026

Casdoor SAML Assertion Time Bound Enforcement Vulnerability

A vulnerability exists in Casdoor versions through 2.362.0, where the application fails to properly enforce time bounds on SAML assertions. The gosaml2 library calculates time validations, including 'NotOnOrAfter' and 'NotBefore' conditions, but these are reported in the 'assertionInfo.WarningInfo' field, which is not read by Casdoor's 'ParseSamlResponse()' function. As a result, time-bound validations are effectively ignored, allowing expired or not-yet-valid assertions to be accepted before the user session is created.

5.6
May 28, 2026

Casdoor SAML Replay Vulnerability Allowing Unauthorized Session Access

A vulnerability in Casdoor versions through 2.362.0 allows for the replay of SAML assertions, enabling unauthorized access to user sessions, including those of administrators. This issue arises because SAML assertions are mapped to user sessions without proper replay protection. The vulnerability exists in the SAML service provider implementation, where assertions can be reused to obtain authenticated sessions without requiring the user's password or multi-factor authentication (MFA) credentials.

5.4
May 28, 2026

Casdoor Cross-Organization Token Exchange Vulnerability Allowing Privilege Escalation

A vulnerability in Casdoor versions through 2.362.0 allows cross-organization token exchange, leading to privilege escalation. The issue arises in the GetTokenExchangeToken function, which validates JWT signatures but fails to ensure that the token's user is from the same organization as the target application. This oversight can result in unauthorized access across different organizations.

4.6
May 28, 2026

Casdoor SAML Service Provider Audience Restriction Validation Vulnerability

A vulnerability exists in Casdoor versions 2.362.0 and earlier, where the SAML service provider implementation fails to validate the AudienceRestriction element in SAML assertions. The issue arises because the buildSp function does not set the AudienceURI on the gosaml2 SAMLServiceProvider struct, nor does it check for audience mismatch warnings. This oversight allows assertions intended for other service providers to be accepted by Casdoor.

5.6
May 28, 2026

Casdoor Unverified Email Binding Vulnerability Leading to Account Takeover

A vulnerability in Casdoor versions through 2.362.0 allows for account takeover via unverified email binding. The issue arises because the 'getExistUserByBindingRule' function matches users by email without verifying the 'email_verified' claim from upstream providers. The 'idp.UserInfo' struct lacks an 'EmailVerified' field, enabling attackers to use unverified email claims to take over accounts associated with those email addresses.

5.4
May 28, 2026

Casdoor Authentication Bypass Vulnerability Allowing MFA Bypass

A logic flaw has been identified in Casdoor's social-login binding flow, present in versions through 2.362.0. This flaw allows users to bypass configured multi-factor authentication (MFA) requirements. The issue arises because the binding-rule code path in 'controllers/auth.go' directly calls 'HandleLoggedIn' without first checking if MFA is enabled. As a result, users authenticating through this pathway are logged in without any MFA enforcement.

4.7
May 28, 2026

Casdoor Authentication Bypass Vulnerability via Arbitrary Signing Certificates

An authentication bypass vulnerability has been identified in Casdoor versions through 2.362.0. This issue arises because the buildSpCertificateStore function extracts X.509 certificates directly from incoming SAML responses, rather than using a trusted, pre-configured Identity Provider certificate. As a result, attackers can supply their own signing certificates to forge assertions, bypassing authentication controls.

5.6
May 28, 2026

TP-Link Archer C64 SSH Brute-Force Vulnerability Allowing Administrative Access

A vulnerability exists in the TP-Link Archer C64 V1 due to improper authentication rate-limiting on a debug SSH service. This flaw allows unlimited authentication attempts using the same credentials as the web interface, enabling brute-force attacks on valid SSH credentials. Exploitation of this vulnerability could lead to an attacker with adjacent network access obtaining administrative credentials, thereby gaining full administrative access to the device.

2.6
May 28, 2026

Tigera Calicoctl Sensitive Information Disclosure Vulnerability

A vulnerability exists in Tigera Calico's command-line tool, calicoctl, when it is run with verbose log levels (info or debug). Under these conditions, calicoctl inadvertently logs sensitive connection details to stderr, including inline kubeconfig with bearer tokens, Kubernetes API bearer tokens, etcd passwords, and inline PEM-encoded etcd client certificates and keys. This information can be extracted by anyone with access to the stderr output, such as through CI job logs, session recordings, shared support ticket transcripts, or local file viewers on the host where calicoctl was executed. The issue arises because calicoctl's default log level is set to panic, meaning the vulnerability only manifests when verbose logging is explicitly activated.

2.0
May 28, 2026

Hono Web Framework Path Stripping Vulnerability in app.mount() Function

A routing vulnerability exists in the Hono web application framework for JavaScript runtimes, affecting versions prior to 4.12.21. The issue arises in the app.mount() function, which incorrectly strips the mount prefix from request paths that include percent-encoded multi-byte characters. This mismatch causes mounted sub-applications to receive garbled or partial paths, disrupting the intended routing. The vulnerability can lead to middleware or route handlers being bypassed or misrouted, particularly when the request URL contains encoded non-ASCII characters.

4.7
May 28, 2026

Hono SameSite and Priority Cookie Option Injection Vulnerability

A cookie injection vulnerability has been identified in the Hono web application framework, prior to version 4.12.21. The issue arises in the serialize() function of hono/cookie, which validates domain and path options to prevent corruption of Set-Cookie header syntax. However, this validation is not applied to the sameSite and priority options. As a result, an application that accepts user-controlled input for these options may inadvertently create a Set-Cookie header with additional attributes chosen by the attacker. This vulnerability could allow for cookie attribute injection, potentially overriding important cookie settings, or even injecting a second Set-Cookie header in responses from runtimes with lax header validation.

3.9
May 28, 2026

Hono Web Framework IP Restriction Middleware Denial of Service Vulnerability

A vulnerability in the Hono web application framework's IP restriction middleware prior to version 4.12.21 allows for the bypass of static deny rules for non-canonical IPv6 addresses. The middleware compares incoming IP addresses against configured rules using string equality after partial normalization. This approach fails to recognize certain representations of IPv6 addresses, such as compressed forms or hex-notation IPv4-mapped addresses, leading to unauthorized access where IP-based restrictions are intended.

4.3
May 28, 2026

Hono Web Framework JWT Middleware Authorization Scheme Bypass Vulnerability

A vulnerability exists in the Hono web application framework's JWT and JWK middlewares, prior to version 4.12.21. These middlewares fail to ensure that the Authorization header value adheres to the Bearer scheme. As a result, any two-part header value, regardless of the scheme name, is processed for JWT verification. This flaw allows a valid JWT under a non-Bearer scheme identifier, such as Basic or Token, to be authenticated as if it were a properly formatted Bearer request. The issue arises because the middleware does not check that the first token is 'Bearer', allowing bypass of network-layer security controls that rely on scheme-specific policies.

4.4
May 28, 2026

OpenTelemetry Java Baggage Propagation Unbounded Memory and CPU Consumption Vulnerability

A vulnerability in the OpenTelemetry Java libraries, specifically in the baggage propagation implementation of the OpenTelemetry API and the trace propagators extension, prior to version 1.62.0, allows for unbounded memory allocation and CPU consumption. This issue arises from the W3CBaggagePropagator not enforcing limits on the size or entry count of the 'baggage' header, leading to potential performance degradation. The problem can propagate to downstream services via re-injected headers, causing further resource strain.

5.6
May 28, 2026

GitButler Tauri Application Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Tauri-based GitButler desktop application, affecting versions prior to 0.19.7. The issue arises from the ability to inject a malicious link into the body of a pull request. If this link is clicked by a user, it can lead to arbitrary script execution within the Tauri webview. Users who have not enabled forge integration are not vulnerable.

2.9
May 28, 2026

Matrix Synapse CPU Starvation Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in Matrix Synapse versions prior to 1.152.1. This issue allows local authenticated users to consume excessive CPU resources, causing other requests to fail and denying service to other users. Homeservers that trust all local users are not vulnerable.

4.0
May 28, 2026

Element Synapse Pagination Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Element Synapse versions prior to 1.152.1. In federated rooms, malicious homeservers can manipulate room events, causing Synapse to withhold complete history from clients that are paginating. As a result, these clients may not properly display the room history.

4.6
May 28, 2026

Rancher Local Path Provisioner HelperPod Template Injection Vulnerability

A vulnerability exists in Rancher Local Path Provisioner versions prior to 0.0.36, allowing a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace to manipulate the helperPod.yaml template. This template, used to create HelperPods during Persistent Volume Claim (PVC) operations, lacks proper validation, enabling the injection of security-sensitive fields such as privileged security contexts, hostPath volumes, and Linux capabilities. Exploiting this flaw can lead to the creation of a privileged pod on the target node, with the host root filesystem mounted, potentially allowing access to sensitive host files, ServiceAccount tokens from other pods, local-path volume data from other tenants, or modification of files on the host node.

3.8
May 28, 2026

CloudNativePG Metrics Exporter Privilege Escalation and OS Command Execution Vulnerability

A vulnerability in the CloudNativePG metrics exporter prior to versions 1.29.1 and 1.28.3 allows for privilege escalation to PostgreSQL superuser and arbitrary OS command execution as the postgres user inside the primary pod. This issue arises because the exporter opens a PostgreSQL connection as the postgres superuser via a pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. However, the session_user remains postgres, allowing exploitation by invoking RESET ROLE to regain superuser privileges and using COPY ... TO PROGRAM to execute commands at the OS level.

3.2
May 28, 2026

Zed Code Editor Terminal Permission Bypass Vulnerability Allowing Arbitrary Command Execution

A vulnerability in Zed code editor versions prior to 0.229.0 allows users to bypass the terminal tool permission system. This is achieved through bash arithmetic expansion, which can be used to execute arbitrary commands nested within an allowlisted command, such as echo. The issue arises because the permission system's regex validation does not account for the arithmetic expansion syntax, enabling unauthorized command execution.

4.4