Lucene search
K

1596 matches found

Nextcloud
Nextcloud
added 2026/05/12 8:22 a.m.11 views

Authorization bypass in approval feature allows unauthorized file sharing with approvers

None...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40332

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...

9.1CVSS5.8AI score0.00299EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 11:28 a.m.32 views

CVE-2026-43215

The CVE-2026-43215 issue affects the Linux kernel CIFS implementation: the code used cifs_tcp_ses_lock to guard tcon fields, but this lock protected more than intended. The patch introduces more granular locking (tc_lock) within tcon-related structures (in addition to srv_lock and ses_lock) to re...

8.8CVSS5.8AI score0.00298EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/01 1:56 p.m.17 views

CVE-2026-31710

CVE-2026-31710 — Linux kernel CIFS SMB1 UNIX mounts: A fix addresses incorrect dir separators caused by not updating @cifs_sb->mnt_cifs_flags after reset_cifs_unix_caps() when mounting SMB1 UNIX shares. The root cause is that the POSIX ACLs/paths flags (CIFS_MOUNT_POSIXACL, CIFS_MOUNT_POSIX_PA...

5.5CVSS5.7AI score0.001EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/30 11:47 a.m.4 views

CVE-2026-31693

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

7.8CVSS5.6AI score0.00129EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/30 11:47 a.m.7 views

EUVD-2026-26367

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

5.5AI score0.00129EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets...

8.2CVSS7.2AI score0.00499EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011392)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011392 advisory. A use-after-free flaw was found in smb2isstatusiotimeout in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local...

6.5CVSS7.2AI score0.01094EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 3:4 p.m.3 views

SUSE-SU-2026:1298-1 Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255235. - CVE-2025-39973: i40e: add validation for ringlen param...

7.8CVSS6.7AI score0.00204EPSS
Exploits0References15
SUSE Linux
SUSE Linux
added 2026/04/12 11:15 p.m.10 views

Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.261 fixes various security issues The following security issues were fixed: CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255235. CVE-2025-39973: i40e: add validation for ringlen param...

8.7CVSS6.7AI score0.00204EPSS
Exploits0References28
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006803 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...

7.8CVSS6.2AI score0.00246EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

QuickDrop 跨站脚本漏洞

QuickDrop is a self-hosted anonymous file sharing application developed by Rostislav. It supports multipart uploads and encrypted storage. Versions of QuickDrop prior to 1.5.3 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-related cross-site scripting flaw in...

6.1CVSS5.6AI score0.00187EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.8 views

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an...

4.3CVSS5.7AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.4 views

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.4AI score0.00151EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/03/26 12:43 p.m.9 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50453: gpiolib: cdev: fix NULL-pointer dereferences bsc1250887. CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue...

8.5CVSS6.6AI score0.0071EPSS
Exploits0References288
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.5 views

SUSE CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext...

5.5CVSS6.6AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.6 views

PT-2026-25356

Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.4 Description Gokapi is a self-hosted file sharing server. An authorization flaw in the file replace API allows a user with list visibility permission UserPermListOtherUploads to delete another user's file by...

9.9CVSS7.1AI score0.22162EPSS
Exploits69References136
EUVD
EUVD
added 2026/03/11 9:31 p.m.6 views

EUVD-2019-19737

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.3AI score0.00151EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/11 8:14 p.m.31 views

CVE-2026-32108 Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access

Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...

2.3CVSS0.00274EPSS
Exploits0References1
Rows per page
Query Builder