CVE-2026-42535

A flaw was found in the moddavfs module of Apache HTTP Server. A WebDAV Web Distributed Authoring and Versioning content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...

PT-2026-47319

Name of the Vulnerable Software and Affected Versions Apache versions prior to 2.4.68 Description A path handling issue in the mod dav fs module allows a WebDAV content author to directly manipulate trusted DAV property databases, which can potentially lead to child process crashes. Recommendatio...

Demand-Driven Vulnerability Detection for Cloud Security Posture Management: Removing Human Rule Authoring from the Disclosure-To-Protection Critical Path

Cloud Security Posture Management CSPM systems detect known vulnerabilities by maintaining a rule set, distributing it to customers, and evaluating it against periodically-collected asset inventories. To our knowledge, in publicly documented architectures the rule set is environment-agnostic and...

CVE-2026-45283

A flaw was found in Nextcloud Server. An authenticated user could exploit this vulnerability to lock or unlock files belonging to other users by manipulating WebDAV Web Distributed Authoring and Versioning paths. This issue also led to the disclosure of lock tokens in error responses, potentially...

Missing Authorization

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Missing Authorization via the Tree::move process. An attacker can delete or overwrite assets without proper authorization by sending a crafted WebDAV MOVE...

CLSA-2026-1779366970 tomcat6: Fix of CVE-2026-41284

CVE-2026-41284: tomcat6: WebDAV LOCK/PROPFIND unbounded request body DoS...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the WebDAV backend process. An attacker can access and modify files outside the intended directory by exploiting symbolic links that point outside the designated root. This is only exploitable if...

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, with ACLs configured incorrectly. This can allow an attacker to communicate with the stream and upload XML or JSON files, which are processed by the named pipe under the service user’s privileges,...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service (CVE-2026-0994)

Summary Python module protobuf is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service (CVE-2026-34043)

Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

CVE-2026-5311

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

PT-2026-29509

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to loss of confidentiality (CVE-2025-68121)

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module crypto/tls...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution (GHSA-5c6j-r48x-rmvq)

Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module...

CVE-2017-20224 Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executab...

PT-2026-25742

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executab...

Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0

Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...