Lucene search

13 matches found

Ubuntu
added 2026/06/09 4:9 p.m. | 6 views

USN-8413-1: Cyborg vulnerabilities

It was discovered that Cyborg did not properly enforce project ownership in the Accelerator Request ARQ API. An authenticated user could possibly use this issue to delete ARQs bound to other projects' instances, resulting in a cross-tenant denial of service. CVE-2026-40214 It was discovered that...

CVSS 7.4 | AI score 5.7 | EPSS 0.00206
Exploits: 0
ATTACKERKB
added 2026/06/05 5:56 p.m. | 5 views

CVE-2026-45743

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

CVSS 8.1 | AI score 5.6 | EPSS 0.00234
Exploits: 1 | References: 3 | Affected Software: 1
Debian CVE
added 2026/05/07 12:0 a.m. | 4 views

CVE-2026-40214

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

CVSS 6.3 | AI score 5.8 | EPSS 0.00206
Exploits: 0
NVD
added 2026/04/03 2:16 p.m. | 1 views

CVE-2026-28736

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...

CVSS 4.3 | EPSS 0.00221
Exploits: 0 | References: 1
Github Security Blog
added 2026/02/26 10:15 p.m. | 5 views

wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

Summary Five routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...

CVSS 3.5 | AI score 5.5 | EPSS 0.00245
Exploits: 1 | References: 4 | Affected Software: 1
ATTACKERKB
added 2026/02/16 9:54 a.m. | 3 views

CVE-2026-0998

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

CVSS 4.3 | AI score 5.7 | EPSS 0.00152
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/02/09 6:58 p.m. | 19 views

CVE-2025-14778

A vulnerability in Keycloak’s UMA Protection API (UserManagedPermissionService) allows horizontal privilege escalation when updating or deleting a UMA policy tied to multiple resources. The authorization check currently validates ownership only against the first resource in the policy’s list, ena...

CVSS 5.4 | AI score 5.4 | EPSS 0.00287
Exploits: 0 | References: 6
Packet Storm
added 2026/01/26 12:0 a.m. | 120 views

macOS Sierra 10.12 Build 16A323 Double-Free / Privilege Escalation

macOS Sierra version 10.12 Build 16.A323 local privilege escalation proof of concept exploit. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with...

AI score 5.9
Exploits: 0
OSV
added 2025/12/05 5:15 p.m. | 4 views

CVE-2025-66551 Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users

Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3...

CVSS 6.3 | AI score 6.7 | EPSS 0.00206
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-2737

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00971
Exploits: 1 | References: 3
BDU FSTEC
added 2024/08/07 12:0 a.m. | 5 views

The vulnerability of the IOCTL Handler components in the zam64.sys and zamguard64.sys drivers of the Zemana AntiLogger software allows a hacker to induce a service failure.

The vulnerability of the IOCTL Handler component of the zam64.sys and zamguard64.sys drivers in the Zemana AntiLogger software is related to improper checking of ownership of critical resources. Exploiting this vulnerability allows an attacker to cause a service failure by executing the IOCTL...

CVSS 5.5 | AI score 7.2 | EPSS 0.002
Exploits: 0 | References: 4 | Affected Software: 1
OpenVAS
added 2009/06/05 12:0 a.m. | 19 views

Ubuntu USN-770-1 (clamav)

The remote host is missing an update to clamav announced via advisory USN-770-1. OpenVAS Vulnerability Test $Id: ubuntu7701.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu7701.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-770-1 clamav Authors: Thomas Rein...

CVSS 6.8 | AI score 0.3 | EPSS 0.00322
Exploits: 0 | References: 1
Tenable Nessus
added 2009/05/05 12:0 a.m. | 18 views

Ubuntu 9.04 : clamav vulnerability (USN-770-1)

A flaw was discovered in the clamav-milter initscript which caused the ownership of the current working directory to be changed to the 'clamav' user. This update attempts to repair the incorrect ownership for standard system directories, but it is recommended that the following command be perform...

CVSS 6.8 | AI score 5.4 | EPSS 0.00322
Exploits: 0 | References: 2