Lucene search
K

29 matches found

EUVD
EUVD
added 2026/06/09 8:46 a.m.12 views

EUVD-2026-35385

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the capdacoverride capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

8.8CVSS5.5AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 12:31 a.m.3 views

GHSA-P8P9-5953-H9JW Concrete CMS is vulnerable to IDOR in AddMessage/UpdateMessage

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 9:18 p.m.11 views

CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42556

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description An Insecure Direct Object Reference IDOR exists in the 'AddMessage' and 'UpdateMessage' conversation controllers. These controllers accept user-supplied file attachment IDs through the attachmen...

2.3CVSS5.8AI score0.00288EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.9 views

AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici: Undici:...

9.8CVSS5.9AI score0.26356EPSS
Exploits1References19
OSV
OSV
added 2026/04/13 12:0 a.m.9 views

ALSA-2026:7670 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...

9.8CVSS5.8AI score0.26356EPSS
Exploits1References36
AlmaLinux
AlmaLinux
added 2026/02/17 12:0 a.m.7 views

Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

9.1CVSS5.6AI score0.03782EPSS
Exploits2References14
AlmaLinux
AlmaLinux
added 2026/02/10 12:0 a.m.7 views

Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

9.1CVSS6.3AI score0.03782EPSS
Exploits2References14
OSV
OSV
added 2026/02/03 12:0 a.m.6 views

ALSA-2026:1843 Important: nodejs22 security update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

9.1CVSS5.6AI score0.03782EPSS
Exploits2References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-4919

Malware in sbrugna...

4.9CVSS6.1AI score0.01323EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-23132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During Zabbix installation from RPM, DACOVERRIDE SELinux capability is in use to access PID files in /var/run/zabbix folder. In this case, Zabbix Proxy or Serve...

7.5CVSS6.3AI score0.00796EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2025/01/29 12:0 a.m.8 views

FreeBSD -- Buffer overflow in some filesystems via NFS

Problem Description: In order to export a file system via NFS, the file system must define a file system identifier FID for all exported files. Each FreeBSD file system implements operations to translate between FIDs and vnodes, the kernel's in-memory representation of files. These operations are...

6CVSS7.8AI score0.0042EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.27 views

RHEL 5 / 6 : JBoss Enterprise Web Server 1.0.2 update (Moderate) (RHSA-2011:0897)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0897 advisory. - tomcat: information disclosure in authentication headers CVE-2010-1157 - httpd modcache, moddav: DoS httpd child process crash by...

5CVSS5.8AI score0.52507EPSS
Exploits17References22
NVD
NVD
added 2024/03/21 2:52 a.m.16 views

CVE-2024-27105

Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds...

8.1CVSS8AI score0.00589EPSS
Exploits0References1
CVE
CVE
added 2024/03/20 6:11 p.m.64 views

CVE-2024-27105

CVE-2024-27105 affects Frappe before versions 14.66.3 and 15.16.0. The issue allows bypassing file permissions via certain endpoints, enabling less-privileged users to delete or clone files. A patch is included in 14.66.3 and 15.16.0. No workarounds are documented. Remediate by upgrading to 14.66...

8.1CVSS8AI score0.00589EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.7 views

PT-2024-21653 · Frappe · Frappe

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 14.66.3 Frappe versions prior to 15.16.0 Description: Frappe is a full-stack web application framework. The issue allows file permission to be bypassed using certain endpoints, granting less privileged users permissio...

8.1CVSS6.4AI score0.00589EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/27 9:8 p.m.48 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID:CVE-2023-30582 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the failure to restrict file watching through the...

7.7CVSS7.8AI score0.03906EPSS
Exploits2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/14 9:7 p.m.10 views

CVE-2023-21290

In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.7AI score0.00068EPSS
Exploits0References2
Veracode
Veracode
added 2023/06/13 4:22 p.m.25 views

File Permission Bypass

libarchive.so is vulnerable to File Permission Bypass. The vulnerability exists due to a race condition in archivewritediskheader function at archivewritediskposix.c because the unmasking process does not take intro consideration other threads working on the same file, which allows an attacker to...

5.3CVSS6.7AI score0.00192EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 9:28 p.m.46 views

Security Bulletin: Multiple vulnerabilities in Docker affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Docker used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2022-24769 DESCRIPTION: Moby could allow a local attacker to gain elevated privileges on the system, caused by an issue with containers started incorrectly with...

6.3CVSS7.6AI score0.02693EPSS
Exploits3Affected Software1
Rows per page
Query Builder