PT-2026-34231

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the Snowball auto-extract handler PutObjectExtractHandler. This issue allows a user with a valid access key to writ...

CVE-2025-68803

In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL based on the mode bits and not the...

Linux Distros Unpatched Vulnerability : CVE-2025-68803

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named...

JLSEC-2025-154 The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_f...

The keyfile settings backend in GNOME GLib aka glib2.0 before 2.60.0 creates directories using gfilemakedirectorywithparents kfsb-dir, NULL, NULL and files using gfilereplacecontents kfsb-file, contents, length, NULL, FALSE, GFILECREATEREPLACEDESTINATION, NULL, NULL, NULL. Consequently, it does n...

EUVD-2017-1644

Malware in sbrugna...

EUVD-2023-27008

Malicious code in bioql PyPI...

CVE-2025-44178

DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN sides without any authentication...

DASAN H660WM 安全漏洞

DASAN H660WM is an optical network terminal from DASAN, Korea. A security vulnerability exists in the DASAN H660WM H660WMR210825, which stems from improper access control under default settings, and could lead to unauthorized access to sensitive information and configuration modifications...

Linux Distros Unpatched Vulnerability : CVE-2025-22070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories,...

NetScaler-13.1-How to implement authorization policy for Oauth user groups

In Oauth response, the user groups can be carried in the response with customized field. However, we can't relate the string of group to the group attribute of the user. We may have question for how to apply authorization policy for Oauth user groups. In this example, the default authorization...

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

AZL-61700 CVE-2025-22070 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx parentdir then creating a...

CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir

In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx parentdir then creating a...

CVE-2023-5539

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers...

CVE-2023-5539

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers...

UBUNTU-CVE-2023-4413

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Permission to access the file is limited to administrative users only by default...

CVE-2023-0345 CVE-2023-0345

The Akuvox E11 secure shell SSH server is enabled by default and can be accessed by the root user. This password cannot be changed by the user...

PT-2023-1508 · Red Hat · Red Hat Single Sign-On

Name of the Vulnerable Software and Affected Versions: Red Hat Single Sign-On for OpenShift container images affected versions not specified Description: A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled...

SUSE CVE-2005-2801

xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the nameindex fields when sharing xattr blocks, which could prevent default ACLs from being applied...

SUSE CVE-2007-2925

The default access control lists ACL in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache...