π¨ CVE-2026-58370
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name (commit.author.name) carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A user who can open a merge request from a fork can set the commit author name to match an entry in ApprovalAllowedUsers, causing needsApproval to return false so the pipeline runs without the required approval. This defeats the fork-approval security boundary and allows execution of attacker-controlled pipeline steps on a Woodpecker agent and exfiltration of CI secrets exposed to the run. Other built-in forge drivers (Gitea, Forgejo, GitHub, Bitbucket) derive pipeline.Author from the forge-validated sender/actor identity and are not affected.
π@cveNotify
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name (commit.author.name) carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A user who can open a merge request from a fork can set the commit author name to match an entry in ApprovalAllowedUsers, causing needsApproval to return false so the pipeline runs without the required approval. This defeats the fork-approval security boundary and allows execution of attacker-controlled pipeline steps on a Woodpecker agent and exfiltration of CI secrets exposed to the run. Other built-in forge drivers (Gitea, Forgejo, GitHub, Bitbucket) derive pipeline.Author from the forge-validated sender/actor identity and are not affected.
π@cveNotify
GitHub
Use Gitlab username (#6653) Β· woodpecker-ci/woodpecker@98faae7
Woodpecker is a simple, yet powerful CI/CD engine with great extensibility. - Use Gitlab username (#6653) Β· woodpecker-ci/woodpecker@98faae7
π¨ CVE-2026-58371
SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper (weed/server/common.go), with no callback-name validation, no X-Content-Type-Options: nosniff header, and no CORS allow-list. Every JSON endpoint that uses writeJson - including the unauthenticated master endpoints /dir/status, /dir/lookup and /cluster/status, the volume server /status, and the filer directory listing, all reachable in the default configuration (no -whiteList, no security.toml, bound to 0.0.0.0) - can therefore be loaded cross-origin via a script tag with a chosen callback, letting a third-party web page read cluster topology, volume server URLs and gRPC ports, file identifiers, and directory listings. Because the callback string is reflected at the start of the body and no nosniff header is sent, MIME-sniffing clients may also interpret the reflected content as HTML.
π@cveNotify
SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper (weed/server/common.go), with no callback-name validation, no X-Content-Type-Options: nosniff header, and no CORS allow-list. Every JSON endpoint that uses writeJson - including the unauthenticated master endpoints /dir/status, /dir/lookup and /cluster/status, the volume server /status, and the filer directory listing, all reachable in the default configuration (no -whiteList, no security.toml, bound to 0.0.0.0) - can therefore be loaded cross-origin via a script tag with a chosen callback, letting a third-party web page read cluster topology, volume server URLs and gRPC ports, file identifiers, and directory listings. Because the callback string is reflected at the start of the body and no nosniff header is sent, MIME-sniffing clients may also interpret the reflected content as HTML.
π@cveNotify
GitHub
oss/seaweedfs.md at main Β· geo-chen/oss
securing oss responsibly. Contribute to geo-chen/oss development by creating an account on GitHub.
π¨ CVE-2026-58372
SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the DeleteObjects XML request body. Attackers can bypass authorization controls through a confused deputy condition, as the validateRequestPath middleware only inspects URL-captured path variables and never examines request-body keys, allowing the filer path to collapse directory traversal sequences and resolve deletions outside the authorized bucket.
π@cveNotify
SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the DeleteObjects XML request body. Attackers can bypass authorization controls through a confused deputy condition, as the validateRequestPath middleware only inspects URL-captured path variables and never examines request-body keys, allowing the filer path to collapse directory traversal sequences and resolve deletions outside the authorized bucket.
π@cveNotify
GitHub
oss/seaweedfs.md at main Β· geo-chen/oss
securing oss responsibly. Contribute to geo-chen/oss development by creating an account on GitHub.
π¨ CVE-2026-58377
JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, update, and delete operations on OpenAPI credentials by accessing the OpenApiAuthController and OpenApiPermissionController endpoints which lack Shiro authorization annotations. Attackers can exploit the unenforced access controls to list, add, edit, and delete all AK/SK credential pairs, with the list endpoint returning secret keys in plaintext, enabling credential theft and unauthorized invocation of the OpenAPI surface.
π@cveNotify
JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, update, and delete operations on OpenAPI credentials by accessing the OpenApiAuthController and OpenApiPermissionController endpoints which lack Shiro authorization annotations. Attackers can exploit the unenforced access controls to list, add, edit, and delete all AK/SK credential pairs, with the list endpoint returning secret keys in plaintext, enabling credential theft and unauthorized invocation of the OpenAPI surface.
π@cveNotify
GitHub
OpenAPI credential management missing authorization allows any user to read all AKSK credentials and call APIs without secret-keyβ¦
Summary The JeecgBoot OpenAPI module exposes credential-management endpoints (/openapi/auth/* and /openapi/permission/*) without any role or permission guard. Any authenticated user can enumerate a...
π¨ CVE-2026-10134
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.
π@cveNotify
IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally move to other tenants on the same Langflow instance, and Establish persistence by modifying the public flow's `tool_code` so normal `/api/v1/build/...` calls by any user re-execute attacker code at each build.
π@cveNotify
Ibm
Security Bulletin: Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows
Langflow OSS contains unauthenticated server-side RCE via PythonCodeStructuredTool executing attacker-controlled Python through exec() at flow-build time. Sink in exec(self.tool_code, globals(), local_namespace) where tool_code is attacker-controlled templateβ¦
π¨ CVE-2026-7871
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
π@cveNotify
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
π@cveNotify
Ibm
Security Bulletin: Insecure Deserialization in Redis Cache Backend
A deserialization vulnerability was identified in the Redis cache service that could allow attackers with network access to the Redis instance to execute arbitrary code. The cache service used dill.loads() to deserialize cached values without integrity verificationβ¦
π¨ CVE-2026-7873
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
π@cveNotify
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
π@cveNotify
Ibm
Security Bulletin: Code Injection Vulnerability in Code Validation Endpoint
A code injection vulnerability was identified in the code validation endpoint that allowed authenticated users to execute arbitrary code on the server. The vulnerability existed in the validation logic which compiled and executed function definitions to checkβ¦
π¨ CVE-2026-13207
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials.
π@cveNotify
FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials.
π@cveNotify
π¨ CVE-2026-44628
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.
π@cveNotify
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.
π@cveNotify
GitHub
Release Latest (updated on 2026-06-25 13:06 UTC) Β· DCMTK/dcmtk
Official DCMTK Github Mirror. Contribute to DCMTK/dcmtk development by creating an account on GitHub.
π¨ CVE-2026-35505
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
π@cveNotify
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
π@cveNotify
GitHub
Release Latest (updated on 2026-06-25 13:06 UTC) Β· DCMTK/dcmtk
Official DCMTK Github Mirror. Contribute to DCMTK/dcmtk development by creating an account on GitHub.
π¨ CVE-2026-50003
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
π@cveNotify
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
π@cveNotify
GitHub
Release Latest (updated on 2026-06-25 13:06 UTC) Β· DCMTK/dcmtk
Official DCMTK Github Mirror. Contribute to DCMTK/dcmtk development by creating an account on GitHub.
π¨ CVE-2026-50254
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.
π@cveNotify
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.
π@cveNotify
GitHub
Release Latest (updated on 2026-06-25 13:06 UTC) Β· DCMTK/dcmtk
Official DCMTK Github Mirror. Contribute to DCMTK/dcmtk development by creating an account on GitHub.
π¨ CVE-2026-52868
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
π@cveNotify
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
π@cveNotify
GitHub
Release Latest (updated on 2026-06-25 13:06 UTC) Β· DCMTK/dcmtk
Official DCMTK Github Mirror. Contribute to DCMTK/dcmtk development by creating an account on GitHub.
π¨ CVE-2026-58448
yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation. Attackers can query any process-instance identifier through the unguarded GET endpoint to read sensitive workflow data including submitted form variables, approver identities, approval and rejection comments, and process BPMN XML without ownership or tenant party verification.
π@cveNotify
yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation. Attackers can query any process-instance identifier through the unguarded GET endpoint to read sensitive workflow data including submitted form variables, approver identities, approval and rejection comments, and process BPMN XML without ownership or tenant party verification.
π@cveNotify
GitHub
Missing Permission Check on BPM Process Instance BPMN View Endpoint Allows Unauthorized Access to Workflow Data Β· Issue #315 Β·β¦
Summary The BPM (Business Process Management) module exposes a GET /bpm/process-instance/get-bpmn-model-view endpoint that returns the full approval workflow data for any process instance -- includ...
π¨ CVE-2025-71349
picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when pickle.load processes the file.
π@cveNotify
picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when pickle.load processes the file.
π@cveNotify
GitHub
Missing detection when calling built-in python trace.Trace.run
### Summary
Using trace.Trace.run, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following steps:
First, the ...
Using trace.Trace.run, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following steps:
First, the ...
π¨ CVE-2025-71350
picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
π@cveNotify
picklescan before 0.0.28 fails to detect malicious pickle files using torch.utils.collect_env.run function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.
π@cveNotify
GitHub
Missing detection when calling pytorch function torch.utils.collect_env.run
### Summary
Using torch.utils.collect_env.run function, which is a pytorch library function to execute remote pickle file.
### Details
The attack payload executes in the following steps:
...
Using torch.utils.collect_env.run function, which is a pytorch library function to execute remote pickle file.
### Details
The attack payload executes in the following steps:
...
π¨ CVE-2025-71352
picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.
π@cveNotify
picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.
π@cveNotify
GitHub
Missing detection when calling built-in python trace.Trace.runctx
### Summary
Using trace.Trace.runctx, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following steps:
First, t...
Using trace.Trace.runctx, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following steps:
First, t...
π¨ CVE-2025-71355
Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring within the reduce method to import dangerous libraries like os and execute arbitrary OS commands when the pickle file is loaded.
π@cveNotify
Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring within the reduce method to import dangerous libraries like os and execute arbitrary OS commands when the pickle file is loaded.
π@cveNotify
GitHub
Picklescan failed to detect to some unsafe global function in Numpy library
### Summary
An unsafe deserialization vulnerability in Pythonβs pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. ...
An unsafe deserialization vulnerability in Pythonβs pickle module allows an attacker to bypass static analysis tools like Picklescan and execute arbitrary code during deserialization. ...
π¨ CVE-2025-71363
picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserialization.
π@cveNotify
picklescan before 0.0.30 fails to detect cProfile.run function calls in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with cProfile.run payloads that bypass picklescan detection and achieve code execution upon deserialization.
π@cveNotify
GitHub
Missing detection when calling built-in python cProfile.run
### Summary
Using cProfile.run function, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following steps:
First...
Using cProfile.run function, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following steps:
First...
π¨ CVE-2025-71368
picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary commands upon pickle.load invocation.
π@cveNotify
picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary commands upon pickle.load invocation.
π@cveNotify
GitHub
Missing detection when calling built-in python doctest.debug_script
### Summary
Using doctest.debug_script function, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following steps: ...
Using doctest.debug_script function, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following steps: ...
π¨ CVE-2025-71371
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load().
π@cveNotify
picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load().
π@cveNotify
GitHub
Missing detection when calling built-in python code.InteractiveInterpreter
### Summary
Using code.InteractiveInterpreter.runcode, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following s...
Using code.InteractiveInterpreter.runcode, which is a built-in python library function to execute remote pickle file.
### Details
The attack payload executes in the following s...