Lucene search
K

33 matches found

RedHat Linux
RedHat Linux
added 2026/06/23 1:16 a.m.7 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS6AI score0.12797EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.8 views

RHEL 8 : samba (RHSA-2026:28056)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28056 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.1AI score0.12797EPSS
Exploits9References12
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.12 views

RHEL 9 : samba (RHSA-2026:28054)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28054 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.1AI score0.12797EPSS
Exploits9References12
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.11 views

RHEL 8 : samba (RHSA-2026:28057)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28057 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.1AI score0.12797EPSS
Exploits9References12
RedHat Linux
RedHat Linux
added 2026/06/15 2:59 p.m.11 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS5.7AI score0.12797EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.7 views

RHEL 9 : samba (RHSA-2026:25979)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25979 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS5.8AI score0.12797EPSS
Exploits9References12
OSV
OSV
added 2026/06/05 8:34 a.m.7 views

SUSE-SU-2026:22080-1 Security update for samba

This update for samba fixes the following issues Security issues: - CVE-2026-1933: Missing access check on reparse point operations bsc1261188. - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3012: group policy certificate enrollment uses http: // without...

9.8CVSS5.6AI score0.12797EPSS
Exploits9References18
Cvelist
Cvelist
added 2026/06/01 4:38 p.m.34 views

CVE-2026-45155 Nextcloud: Private circle can be added to another circle via API

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...

2.6CVSS0.002EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 4:38 p.m.29 views

CVE-2026-45155

Nextcloud Server is affected by CVE-2026-45155 due to a missing API-level access check that allows adding unknown circle IDs to other circles. Affected versions are 32.0.0–32.0.6 and 33.0.0–33.0.0 (i.e., before 32.0.7 and before 33.0.1). The underlying issue could enable unauthorized membership t...

2.6CVSS5.7AI score0.002EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45538

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions 31.0.0 through 31.0.11 Nextcloud Server versions 32.0.0 through 32.0.2 Nextcloud Enterprise Server versions prior to 21.0.9.20 Nextcloud Enterprise Server versions prior to 22.2.10.35 Nextcloud Enterprise Server...

6.8CVSS6.1AI score0.00252EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/27 12:28 p.m.11 views

CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.7AI score0.00862EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/05/26 12:36 p.m.19 views

Security update for samba

This update for samba fixes the following issues Security issues: CVE-2026-1933: Missing access check on reparse point operations bsc1261188. CVE-2026-2340: vfsworm does not block directory modification bsc1261158. CVE-2026-3012: group policy certificate enrollment uses http: // without validatio...

10CVSS5.9AI score0.12797EPSS
Exploits9References30
CVE
CVE
added 2026/05/15 7:41 p.m.29 views

CVE-2026-44559

Summary (CVE-2026-44559) Open WebUI’s channel membership endpoint has an access control flaw on standard channels. Prior to version 0.9.0, GET /api/v1/channels/{id}/members only enforced membership checks for channel types ‘group’ and ‘dm’; standard (including private) channels did not perform ch...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 10:48 p.m.20 views

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys

Isolated paperclip instance running in authenticated mode default config on a clean Docker image matching commit b649bd4 2026.411.0-canary.8, post the 2026.410.0 patch. This advisory was verified on an unmodified build. Summary POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE...

6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/01 1:24 a.m.6 views

GHSA-RFPP-2HGM-GP5V Indico has a missing access check in the event series management API

Impact The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata title, category chain, start/end date for events in an existing series - Deleting an existing eve...

6.5CVSS6AI score0.00264EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.6 views

CVE-2026-27954

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

7.1CVSS5.3AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.18 views

CVE-2019-16698

The directmail aka Direct Mail extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user with restricted permissions to the feusers table to view and export data of frontend users who are subscribed to a newsletter...

4.3CVSS6.8AI score0.00685EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8300

Malware in sbrugna...

5.7CVSS5.6AI score0.00891EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/11 6:57 p.m.22 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

4CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.4 views

CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

4CVSS7AI score0.00196EPSS
Exploits0References1
Rows per page
Query Builder