7 matches found
CVE-2026-45264 Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...
ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames
None...
CVE-2026-32758
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...
CVE-2026-32758
The CVE-2026-32758 entry concerns File Browser, where versions 2.61.2 and earlier are vulnerable to Path Traversal via the resourcePatchHandler in http/resource.go. The flaw allows an authenticated user with Create or Rename permissions to bypass deny rules by injecting .. sequences in the destin...
CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...
CVE-2026-25059
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...
curl 安全漏洞
curl is a tool for transferring data from or to a server. A security vulnerability exists in curl versions 7.69.0 through 7.83.1, which stems from the fact that curl can accidentally inflate the permissions of a target file during a rename operation...