74 matches found
Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight` on the URL parameter `folderuuid`. The `move_save` handler then operates on a separate URL parameter `fileuuid` and calls `File::moveToFolder($destFolderUUID)`. `File::moveToFolder` checks the upload...
ROS-20260527-73-0001
A vulnerability in the hi311x component of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service via a malicious package...
CVE-2026-7310
A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...
Astra Linux - vulnerability in usbutils
The vulnerability of the readlinkrecursive function in the USBUtils utility is related to buffer overflow on the stack. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
Astra Linux - vulnerability in corosync
The vulnerability of the removewhitespace function in the Corosync cluster engine is related to buffer overflows in the stack. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
CVE-2026-39347
OrangeHRM Open Source vulnerability CVE-2026-39347 affects versions 5.0–5.8 where admin self-appraisal submissions can be modified after being marked completed, compromising integrity of finalized appraisal records. The issue is resolved in 5.8.1. Affected product: OrangeHRM Open Source; vulnerab...
PT-2026-30970
OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability...
ROS-20260403-73-0035
A vulnerability in the scsi/libiscsi.c component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to gain access to confidential data, violate its integrity, and cause denial of service...
ROS-20260403-73-0009
A vulnerability in the fs/f2fs/f2fs/f2fs.h component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to gain access to confidential data, violate its integrity, and cause denial of service...
ROS-20260320-73-0004
The vulnerability in the Go programming language is related to a flaw in the authorization procedure. Exploitation of the vulnerability allows an attacker acting remotely to affect the confidentiality and integrity of protected information...
CVE-2026-23808
A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthoriz...
ROS-20260209-73-0009
A vulnerability in the binutils/objcopy.c component of the GNU Binutils development tool is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information, violate its integrity, and...
Advisory ROSA-SA-2026-3127
software: freerdp 2.11.7; OS: ROSA-CHROME; CVE-ID: CVE-2025-4478; BDU-ID: 2025-12117; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the GNOME Remote Desktop service is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to compromise data...
ROS-20260126-73-0007
A vulnerability in the drivers/gpu/drm/vkms component of the Linux operating system kernel is related to memory usage after it has been freed. Exploitation of the vulnerability may allow an attacker to gain access to confidential data, violate its integrity, and cause a denial of service...
CVE-2011-0849
Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor...
ROS-20251226-7302
A vulnerability in the Twisted network framework is related to the failure to take measures to protect the structure of a web page. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data and compromise its integrity...
ROS-20251111-11
Vulnerability of function ffaacsearchfortns in component libavcodec/aacenctns.c of multimedia library FFmpeg is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an intruder acting remotely to gain unauthorized access to protected...
EUVD-2020-29044
Malware in sbrugna...
EUVD-2020-22503
Malware in sbrugna...
EUVD-2016-4503
Malware in sbrugna...