
3928 matches found

CVE
added 2026/01/13 3:28 p.m. | 10 views

CVE-2025-68784

CVE-2025-68784 pertains to the Linux kernel (xfs). The issue is a use-after-free in xattr repair where xchk_setup_xattr_buf can allocate a new value buffer, potentially leaving ab->value references dangling. The fix moves the assignment to after the buffer setup, mitigating the dangling refere...

AI score: 6 | EPSS: 0.00021
Exploits: 0 | References: 3

Cvelist
added 2026/01/13 3:28 p.m. | 20 views

CVE-2025-68784 xfs: fix a UAF problem in xattr repair

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair. The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment t...

EPSS: 0.00021
Exploits: 0 | References: 3

AstraLinux
added 2026/01/13 2:1 p.m. | 2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fixed the issue where a read pointer was accessed after freeing memory in ath12k_mac_assign_vif_to_vdev. In ath12k_mac_assign_vif_to_vdev, if the arvif object is created on a different radio, it is deleted from that radio...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00013
Exploits: 0 | References: 3

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

Elastic Kibana Email Connector Security Vulnerability

Elastic Kibana Email Connector is an email service connection component from Elastic Netherlands. A security vulnerability exists in the Elastic Kibana Email Connector that stems from improper input validation, which could lead to over-assignment via specially crafted email address parameters,...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.0008
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2698

Name of the Vulnerable Software and Affected Versions: Windows Hello (affected versions not specified). Description: A flaw in Windows Hello’s privilege assignment allows a local attacker to perform tampering on the system. This issue could allow unauthorized access and manipulation of the system...

CVSS: 7.7 | AI score: 6 | EPSS: 0.00043
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/13 12:0 a.m. | 3 views

PT-2026-2797

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Lucid model assignments to overwrite the internal ORM state...

CVSS: 8.2 | AI score: 7.4 | EPSS: 0.00031
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/13 12:0 a.m. | 3 views

PT-2026-2657

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A flaw in Windows Hello’s privilege assignment can allow an attacker to perform tampering locally. This issue allows attackers to affect the system. Recommendations: At the moment, there is no...

CVSS: 7.7 | AI score: 6.3 | EPSS: 0.00043
Exploits: 0 | References: 8

NVD
added 2026/01/12 7:16 p.m. | 3 views

CVE-2026-22783

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation...

CVSS: 9.6 | EPSS: 0.00082
Exploits: 0 | References: 2

Cvelist
added 2026/01/12 6:27 p.m. | 15 views

CVE-2026-22783 Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation...

CVSS: 9.6 | EPSS: 0.00082
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/12 6:27 p.m. | 3 views

CVE-2026-22783 Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Management

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation...

CVSS: 9.6 | AI score: 6.6 | EPSS: 0.00082
Exploits: 0 | References: 2

EUVD
added 2026/01/12 6:27 p.m. | 2 views

EUVD-2026-2004

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the file_local_name field combined with path trust in the delete operation...

CVSS: 9.6 | AI score: 6.5 | EPSS: 0.00082
Exploits: 0 | References: 2

CVE
added 2026/01/12 6:27 p.m. | 9 views

CVE-2026-22783

CVE-2026-22783 affects the Iris DFIR-IRIS datastore file management system prior to version 2.4.24. A vulnerability arises from mass assignment of the field file_local_name combined with trusting the path in the delete operation, enabling authenticated users to delete arbitrary filesystem paths....

CVSS: 9.6 | AI score: 6.6 | EPSS: 0.00082
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/01/12 12:0 a.m. | 2 views

PT-2026-2294

Name of the Vulnerable Software and Affected Versions: Iris versions prior to 2.4.24. Description: Iris is a web collaborative platform used by incident responders to share technical details during investigations. The DFIR-IRIS datastore file management system has an issue where authenticated users...

CVSS: 9.6 | AI score: 6.3 | EPSS: 0.00082
Exploits: 0 | References: 8

Positive Technologies
added 2026/01/12 12:0 a.m. | 3 views

PT-2026-2326

Name of the Vulnerable Software and Affected Versions: npm cli (affected versions not specified). Description: The npm command-line interface has a flaw related to incorrect permission assignment that can lead to local privilege escalation. This issue allows an attacker to gain elevated privileges on ...

CVSS: 7 | AI score: 6.3 | EPSS: 0.00012
Exploits: 0 | References: 3

GithubExploit
added 2026/01/10 5:22 p.m. | 132 views

CVE-2014-016-assignement

No d...

AI score: 7
Exploits: 0

RedhatCVE
added 2026/01/09 11:57 a.m. | 8 views

CVE-2018-4073

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. In the binary, the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.36256
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/09 11:20 a.m. | 2 views

CVE-2021-22382

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00022
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:57 a.m. | 3 views

CVE-2022-38183

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue title...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00395
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:50 a.m. | 3 views

CVE-2022-37003

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00165
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:34 a.m. | 6 views

CVE-2017-18392

cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325)...

CVSS: 2.1 | AI score: 6.9 | EPSS: 0.00258
Exploits: 0 | References: 1