100 matches found

RedhatCVE
added 2026/02/10 7:22 p.m. | 5 views

CVE-2026-24900

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

CVSS 6.5 | AI score 5.7 | EPSS 0.00251
Exploits: 0 | References: 1

NVD
added 2026/02/09 8:15 p.m. | 7 views

CVE-2026-24900

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

CVSS 6.5 | EPSS 0.00251
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/09 12:0 a.m. | 3 views

PT-2026-7131

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/html content accepted a select file id parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not...

CVSS 6.5 | AI score 5.7 | EPSS 0.00251
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/20 5:21 p.m. | 3 views

CVE-2026-23522

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. userId filter in the database query is commented out, so it's...

CVSS 3.7 | AI score 5.6 | EPSS 0.00194
Exploits: 0 | References: 1

AstraLinux
added 2026/01/13 2:1 p.m. | 4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed a potential use-after-free in smb2_query_info_compound When smb2QueryInfoCompounded attempts to retry, the previously allocated cfid might have been freed during the first attempt. Since the cfid was not reset...

AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/07 7:17 a.m. | 4 views

CVE-2025-14802 LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/fileid REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the...

CVSS 5.4 | AI score 5.6 | EPSS 0.00295
Exploits: 0 | References: 5

RedhatCVE
added 2025/12/09 8:27 a.m. | 5 views

CVE-2025-66515

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.6 | EPSS 0.00261
Exploits: 0 | References: 1

SUSE CVE
added 2025/12/09 12:24 a.m. | 4 views

SUSE CVE-2025-40320

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay, later cleanup could act o...

CVSS 5.5 | AI score 6.2 | EPSS 0.00156
Exploits: 0 | References: 21

OSV
added 2025/12/08 12:46 a.m. | 3 views

CVE-2025-40320 smb: client: fix potential cfid UAF in smb2_query_info_compound

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay, later cleanup could act o...

AI score 6.3 | EPSS 0.00156
Exploits: 0 | References: 7

NVD
added 2025/12/05 6:15 p.m. | 6 views

CVE-2025-66515

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | EPSS 0.00261
Exploits: 0 | References: 4

Cvelist
added 2025/12/05 5:37 p.m. | 23 views

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | EPSS 0.00261
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/05 5:37 p.m. | 2 views

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.2 | EPSS 0.00261
Exploits: 0 | References: 4

EUVD
added 2025/12/05 5:37 p.m. | 5 views

EUVD-2025-201457

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.1 | EPSS 0.00261
Exploits: 0 | References: 4

OSV
added 2025/12/05 5:37 p.m. | 4 views

CVE-2025-66515 Nextcloud Approval app allows users to request approval for other users file

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerabilit...

CVSS 2.7 | AI score 6.5 | EPSS 0.00261
Exploits: 0 | References: 6

CVE
added 2025/12/05 5:37 p.m. | 17 views

CVE-2025-66515

The CVE describes an authorization flaw in the Nextcloud Approval app where an authenticated user listed as a workflow requester can place another user’s file into the “pending approval” state using the file’s numeric id, without having access to the file. This affects versions prior to 1.3.1 and...

CVSS 2.7 | AI score 6.2 | EPSS 0.00261
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/11/30 11:15 a.m. | 5 views

CVE-2025-13787

A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack...

CVSS 9.1 | EPSS 0.00322
Exploits: 1 | References: 6

Positive Technologies
added 2025/11/30 12:0 a.m. | 10 views

PT-2025-48389

Name of the Vulnerable Software and Affected Versions ZenTao versions up to 21.7.6-8564 Description A flaw exists in ZenTao related to improper privilege management. The issue is located in the file::delete function within the module/file/control.php file of the File Handler component. Manipulati...

CVSS 9.1 | AI score 5.3 | EPSS 0.00322
Exploits: 1 | References: 13

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-11407

Malware in sbrugna...

CVSS 4.3 | AI score 4.9 | EPSS 0.00703
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-28824

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.0064
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-48083

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00717
Exploits: 1 | References: 1