939 matches found
CVE-2024-13971
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
EUVD-2024-55563
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
CVE-2024-39847
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
EUVD-2024-55562
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...
PT-2026-35893
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A logical error in the connection pooling mechanism may cause libcurl to reuse an incorrect connection for SMBS transfers. When reusing a connection, specific criteria must be met; however, a...
CVE-2026-41649
Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...
CVE-2026-41649 Outline has IDOR in document share creation that allows unauthorized access to private documents across workspaces
Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...
CVE-2026-41649
Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...
EUVD-2026-26144
Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...
CVE-2026-41649
Outline's shares.create in versions up to 1.7.0 has an insecure direct object reference when both collectionId and documentId are supplied; authorization checks only the collection, enabling authenticated users to generate a public share link for any document (even in other workspaces) and access...
PT-2026-35821
Name of the Vulnerable Software and Affected Versions Outline versions 0.86.0 through 1.6.9 Description An insecure direct object reference exists in the 'shares.create' API endpoint. When both collectionId and documentId are provided in a request, the authorization logic verifies access to the...
[SECURITY] Fedora 44 Update: smb4k-4.0.6-1.fc44
Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...
[SECURITY] Fedora 42 Update: smb4k-4.0.6-1.fc42
Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...
[SECURITY] Fedora 43 Update: smb4k-4.0.6-1.fc43
Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...
Founder Liquidity Without Compromising on Growth
Founders can access liquidity without exiting by selling shares via secondary deals, reducing financial pressure while staying focused on long-term growth...
zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records
Summary The unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the condition short-circuits to false and allows the deletion to proceed without any ownership...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...