Lucene search
K

1605 matches found

CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Nextcloud Temporary files lock 授权问题漏洞

NextCloud Temporary Files Lock is an open-source tool developed by NextCloud for locking temporary files, preventing others from editing them. In versions 32.0.0 to 32.0.2 and 33.0.0 to 33.0.1 of NextCloud Temporary Files Lock, there were authorization-related vulnerabilities. These vulnerabiliti...

6.3CVSS5.3AI score0.00211EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.17 views

CVE-2026-45058

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:47 p.m.11 views

CVE-2026-8360 Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 5:17 p.m.7 views

GHSA-WC7J-G8WX-M2QX Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling

Summary Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdavpath without adding an authentication plugin in the WebDAV controller. The Tree::move implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An...

8.1CVSS6AI score0.00141EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/27 5:17 p.m.11 views

Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling

Summary Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdavpath without adding an authentication plugin in the WebDAV controller. The Tree::move implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An...

6AI score0.00141EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/27 2:47 p.m.9 views

CLSA-2026-1779893247 Fix of 5 CVEs

SECURITY UPDATE: add case sensitive attribute to LockOutRealm - debian/patches/CVE-2026-43513.patch: add case sensitive attribute to LockOutRealm - CVE-2026-43513 SECURITY UPDATE: fix the handling of invalid users with DIGEST authentication - debian/patches/CVE-2026-43512.patch: fix the handling ...

9.8CVSS6.7AI score0.01233EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44148

Summary Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdavpath without adding an authentication plugin in the WebDAV controller. The Tree::move implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An...

8.1CVSS6AI score0.00141EPSS
Exploits0References6
CloudLinux
CloudLinux
added 2026/05/21 3:38 p.m.10 views

tomcat6: Fix of CVE-2026-41284

CVE-2026-41284: tomcat6: WebDAV LOCK/PROPFIND unbounded request body DoS...

7.5CVSS5.8AI score0.0078EPSS
Exploits0
OSV
OSV
added 2026/05/21 2:41 p.m.10 views

CLSA-2026-1779374454 Fix of 7 CVEs

SECURITY UPDATE: multiple security fixes - debian/patches/CVE-2026-41284.patch: add a configurable maxRequestBodySize init-param to the WebDAV servlet to bound LOCK/PROPFIND XML request bodies; reject oversized bodies with 413 Request Entity Too Long. Includes the upstream...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2026/05/19 3:38 p.m.11 views

zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

5.8AI score0.00061EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/05/19 3:38 p.m.10 views

GHSA-C656-JCX2-7PQJ zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

8.3CVSS5.8AI score0.00061EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41960

Name of the Vulnerable Software and Affected Versions zrok affected versions not specified Description A path traversal issue exists when using the zrok2 copy command to move files from a WebDAV or zrok drive to a local filesystem. An attacker can provide a malicious DAV href containing directory...

8.3CVSS5.9AI score0.00061EPSS
Exploits0References4
Veracode
Veracode
added 2026/05/16 5:21 a.m.5 views

Path Traversal

zrok is vulnerable to Path Traversal. The vulnerability is due to failure to prevent symlink traversal in the WebDAV drive backend, which allows a remote attacker to access symbolic links pointing outside the shared root and read or, where permitted, modify arbitrary files on the host filesystem...

8.7CVSS6AI score0.0033EPSS
Exploits0References3Affected Software2
Mageia
Mageia
added 2026/05/15 6:17 a.m.16 views

Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References9
OSV
OSV
added 2026/05/15 6:17 a.m.10 views

MGASA-2026-0139 Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References10
OSV
OSV
added 2026/05/14 11:56 a.m.6 views

BIT-TOMCAT-2026-41284 Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade to versio...

7.5CVSS5.7AI score0.0078EPSS
Exploits0References3
Nextcloud
Nextcloud
added 2026/05/13 6:50 a.m.25 views

Bypass of second factor authentication on DAV endpoints by reusing a pre-2FA session ID

None...

5.9CVSS5.8AI score0.0029EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: No limit was enforced on the request body for WebDAV LOCK or PROPFIND requests which were available to...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References10Affected Software3
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-GX5V-XP9W-J4CG Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: No limit was enforced on the request body for WebDAV LOCK or PROPFIND requests which were available to...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References10
Snyk
Snyk
added 2026/05/12 5:22 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the WebDAV LOCK and PROPFIND XML request bodies. An attacker can cause...

8.7CVSS5.8AI score0.0078EPSS
Exploits0References2
Rows per page
Query Builder