322 matches found
JLSEC-2026-767 A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the...
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the way RTAS handled memory accesses in user space for kernel communication. In a guest system that is under lockdown usually due to Secure Boot, running on top of PowerVM or KVM hypervisors pseries platform, a root-like local user could exploit this flaw to further...
EUVD-2026-35400
TYPO3 CMS has Broken Access Control in its File Abstraction Layer...
GHSA-JF56-V8JC-JCC5 TYPO3 CMS has Broken Access Control in its File Abstraction Layer
Problem The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html...
TYPO3 CMS has Broken Access Control in its File Abstraction Layer
Problem The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html...
CVE-2026-49738
The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...
CVE-2026-49738
The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...
CVE-2026-49742
CVE-2026-49742 affects TYPO3 CMS where Backend users with file download permissions can access files from the FAL fallback storage via the Media Module. The fallback storage resolves paths relative to the server document root, potentially exposing sensitive files (e.g., log files). Affected versi...
CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer
The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...
CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer
The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...
CVE-2026-49738
CVE-2026-49738 concerns TYPO3 CMS where a flawed check in GeneralUtility::isAllowedAbsPath() uses a plain string prefix instead of a directory boundary, allowing path strings like /var/www/html-other/secret.yaml to pass when project root is /var/www/html. This enables administrator users with acc...
CVE-2026-49738 TYPO3 CMS - Broken Access Control in File Abstraction Layer
The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...
TYPO3-CORE-SA-2026-016: Broken Access Control in File Abstraction Layer
More info at https://typo3.org/security/advisory/typo3-core-sa-2026-016...
TYPO3-CORE-SA-2026-007: Broken Access Control in File Abstraction Layer
More info at https://typo3.org/security/advisory/typo3-core-sa-2026-007...
PT-2026-47746
Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description A path allowance check in th...
CVE-2026-8035
Technical details for CVE-2026-8035 are not publicly available in the provided documents. Monitor for updates from NI and security advisories.
Exploit for CVE-2026-9082
CVE-2026-9082 Type: SQL Injection CWE-89 Affected Pr...
Astra Linux – Vulnerability in Linux
The file “arch/powerpc/kvm/book3srtas.c” in the Linux kernel, as of version 5.13.5 on the powerpc platform, allows KVM guest OS users to cause memory corruption in the host OS through “rtasargs.nargs”, also known as CID-f62f3c20647e...
[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.6.1-1.fc42
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
[SECURITY] Fedora 44 Update: libmetal-2026.04.0-2.fc44
An abstraction layer across user-space Linux, baremetal, and RTOS environment s...