Lucene search
K

158 matches found

NVD
NVD
added 2026/06/30 7:16 a.m.12 views

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:0 a.m.14 views

CVE-2026-9576

CVE-2026-9576 affects the Fluent Booking WordPress plugin (versions before 2.1.2). The vulnerability arises from not verifying ownership of the requested group_id before exporting attendees data via the export endpoint, allowing users with at least the Calendar Manager role to access attendees’ P...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:0 a.m.6 views

EUVD-2026-40264

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS5.8AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 9:16 p.m.12 views

CVE-2026-44784

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:23 p.m.30 views

CVE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:23 p.m.12 views

EUVD-2026-36587

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:23 p.m.9 views

CVE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001128 advisory. The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where...

7.8CVSS6.4AI score0.0101EPSS
Exploits2References31
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003102)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003102 advisory. The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where...

7.8CVSS6.4AI score0.0101EPSS
Exploits2References31
SUSE CVE
SUSE CVE
added 2025/12/17 12:30 a.m.5 views

SUSE CVE-2025-40355

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

5.5CVSS6.5AI score0.00155EPSS
Exploits0References20
EUVD
EUVD
added 2025/12/16 3:30 p.m.8 views

EUVD-2025-203632

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

5.9AI score0.00155EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 2:15 p.m.5 views

CVE-2025-40355

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

0.00155EPSS
Exploits0References2
OSV
OSV
added 2025/12/16 2:15 p.m.7 views

AZL-72487 CVE-2025-40355 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

5.6AI score0.00155EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/12/16 2:15 p.m.4 views

CVE-2025-40355

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

5.7AI score0.00155EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/12/16 1:30 p.m.27 views

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

0.00155EPSS
Exploits0References2
OSV
OSV
added 2025/12/16 1:30 p.m.5 views

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...

6.3AI score0.00155EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.16 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from sysfs changing group attribute ownership without checking visibility, which could result in a warning message...

6.2AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51571

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.1-1-mainline 1...

5.3AI score0.00155EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 net: sysfs: Implement isvisible for physportid, portname, switchid,...

6AI score0.00155EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/10 6:30 p.m.7 views

sd changes the group ownership of the source file

An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...

8.4CVSS7.1AI score0.00168EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder