351 matches found
CVE-2025-54458
Mattermost Confluence Plugin vulnerability CVE-2025-54458: versions = 1.5.0 or apply vendor-provided fix as available.
CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...
CVE-2025-44001 Unauthorized Channel Subscription Read in Mattermost Confluence Plugin
Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint...
Linux Distros Unpatched Vulnerability : CVE-2022-50080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in registershmhelper With special lengths supplied by user space,...
DEBIAN-CVE-2025-38434
In the Linux kernel, the following vulnerability has been resolved: Revert "riscv: Define TASKSIZEMAX for accessok" This reverts commit ad5643cf2f69 "riscv: Define TASKSIZEMAX for accessok". This commit changes TASKSIZEMAX to be LONGMAX to optimize accessok, because the previous TASKSIZEMAX defau...
CVE-2025-38434
In the Linux kernel, the following vulnerability has been resolved: Revert "riscv: Define TASKSIZEMAX for accessok" This reverts commit ad5643cf2f69 "riscv: Define TASKSIZEMAX for accessok". This commit changes TASKSIZEMAX to be LONGMAX to optimize accessok, because the previous TASKSIZEMAX defau...
UBUNTU-CVE-2022-50080
In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in registershmhelper With special lengths supplied by user space, registershmhelper has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes...
CVE-2022-50080
CVE-2022-50080 (Linux kernel) affects kernel code path for tee/shm handling. The issue is an integer overflow in register_shm_helper() when calculating pages for a memory region supplied by user space, which can lead to a NULL pointer dereference in internal_get_user_pages_fast() via pin_user_pag...
CVE-2023-26481
authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin or sent via email by an admin can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an...
CVE-2022-24980
An issue was discovered in the Kitodo.Presentation aka dif extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
CVE-2022-24979
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes ESI content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference IDOR,...
CVE-2019-19845
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure...
CVE-2025-46326 Snowflake Connector for .NET has race condition when checking access to Easy Logging configuration file
snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided...
PT-2025-17921
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw was discovered in the software, where additional checks were required to ensure that users can only access cohort data they are authorized to retrieve. Recommendations At the moment,...
BIT-JOOMLA-2023-23752 [20230201] - Core - Improper access check in webservice endpoints
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints...
Linux Distros Unpatched Vulnerability : CVE-2023-0225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any...
SUSE CVE-2022-49250
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing compander for aux AUX interpolator does not have compander, so check before accessing compander data for this. Without this checkan array of out bounds access will be made in compenabled arra...
CVE-2025-27089
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is...
SUSE CVE-2023-0459
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond commit...
CVE-2024-3821
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdtajaxactions.php file in all versions up to, and including, 6.3.2. This makes it possible for...