CVE-2026-23849 vulnerabilities

Vulnerabilities for packages: filebrowser...

CVE-2026-23849

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth. Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...

CVE-2026-23849

creationtimestamp| type| source ---|---|--- 2026-01-18 09:35:49+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-43mm-m3h2-3prc 2026-01-19 22:35:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcspbnap4y2r 2026-01-21...

Azure Linux 3.0 Security Update: kernel (CVE-2024-23849)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23849 advisory. - In rdsrecvtracklatency in net/rds/afrds.c in the Linux kernel through 6.7.1, there is an off-by-one error fo...

CVE-2025-23849

Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through = 0.5.18...

CVE-2025-23849 WordPress PAPERCITE plugin <= 0.5.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through = 0.5.18...

CVE-2025-23849 WordPress PAPERCITE plugin <= 0.5.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through = 0.5.18...

CVE-2025-23849

CVE-2025-23849 concerns the PAPERCITE WordPress plugin (versions up to 0.5.18) with a Missing Authorization vulnerability arising from incorrectly configured access control levels. The Red Hat/NVD entries reiterate the issue and impact was not detailed beyond “Missing Authorization.” Potential im...

CVE-2024-23849 affecting package kernel for versions less than 6.6.35.1-4

CVE-2024-23849 affecting package kernel for versions less than 6.6.35.1-4. A patched version of the package is available...

Ubuntu: Security Advisory (USN-6819-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6819-2: Linux kernel vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service system crash. CVE-2023-6356, CVE-2023-6535, CVE-2023-6536 Chenyuan...

Ubuntu 23.10 : Linux kernel vulnerabilities (USN-6819-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

USN-6795-1: Linux kernel (Intel IoTG) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service system crash. CVE-2023-47233 It was...

USN-6766-2: Linux kernel vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

USN-6767-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service system crash. CVE-2024-23849 Several security issues were discovered in the Linux kernel. An attacker...

USN-6766-1: Linux kernel vulnerabilities

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service system crash. CVE-2024-1151 Sander Wiebing, Alvise de Faveri Tron, Herbert...

Ubuntu: Security Advisory (USN-6688-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: kernel

Issue Overview: A flaw was found in the ATA over Ethernet AoE driver in the Linux kernel. The aoecmdcfgpkts function improperly updates the refcnt on struct netdevice, and a use-after-free can be triggered by racing between the free on the struct and the access through the skbtxq global queue. Th...

Important: kernel-livepatch-4.14.336-253.554

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

Fedora: Security Advisory (FEDORA-2024-2116a8468b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...