CVE-2025-66545 Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15...

Users with read-only permissions for team folder can restore deleted files from trash bin

None...

EUVD-2004-2749

Malware in sbrugna...

EUVD-2012-4437

Malware in sbrugna...

EUVD-2008-2534

Malware in sbrugna...

EUVD-2022-34279

Malicious code in bioql PyPI...

CVE-2022-29973

relan exFAT 1.3.0 allows local users to obtain sensitive information data from deleted files in the filesystem in certain situations involving offsets beyond ValidDataLength...

Unallocated space analysis

TL;DR Unallocated space retains remnants of deleted files, metadata, logs, caches, and other artefacts. This is useful if a user attempts to cover their tracks, delete files, reformat drives, or use anti-forensic tools. These remnants can help reconstruct user actions exposing data exfiltration...

Exposure of Sensitive Information Through Metadata

Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata when executing the UpdateChannelBookmark function, due to improper handling of user permissions. By creating a bookmark referencing a deleted file, an attacker can expose metadata from...

Unauthorized Metadata Access

Mattermost is vulnerable to unauthorized metadata access. The vulnerability is due to improper validation and a failure to check if a file has been deleted when creating a bookmark, allowing an attacker to create bookmarks for deleted files and access their metadata...

CVE-2025-2424

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVE-2025-2424

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVE-2025-2424 Leaked Metadata of Deleted Files via Bookmark Creation

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation...

CVE-2025-2424

Mattermost vulnerability CVE-2025-2424 affects Mattermost releases 10.5.x ≤ 10.5.1 and 9.11.x ≤ 9.11.9. The root cause is a failure to verify whether a file has been deleted when creating a bookmark, which can let an attacker who knows deleted file IDs obtain metadata of those files via bookmark ...

UBUNTU-CVE-2022-29973

relan exFAT 1.3.0 allows local users to obtain sensitive information data from deleted files in the filesystem in certain situations involving offsets beyond ValidDataLength...

relan exFAT 安全漏洞

relan exFAT is the project's attempt to provide a fully functional exFAT file system implementation for Unix-like systems. A security vulnerability exists in relan exFAT version 1.3.0, which originates from obtaining sensitive information data from deleted files in the filesystem in certain...

How to Free Recover Deleted Files on Your Mac

There are many scenarios where you would want to recover deleted data from your Mac. These deleted files could be your important photos, official documents, financial records, etc. Loss of such data can cause you unnecessary emotional and financial harm. However, you can make use of data recovery...

Deduplication filter marks files as deleted incorrectly and data corruption occurs on Windows Server 2012 R2 file server

Deduplication filter marks files as deleted incorrectly and data corruption occurs on Windows Server 2012 R2 file server This article describes an issue in which deduplication filter marks files as deleted incorrectly and data corruption occurs on Windows Server 2012 R2-based file server. Before...

Malicious Package

Overview Version 0.0.3 of angluar-cli contains malicious code as a postinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed the package attempts to remove files and stop processes related to McAfee...

U.S. Dept Of Defense: █████████ - Insecure download cookie generation allows bypass of CAC authentication, access to deleted and locked files

Summary: To download a file, ████ directs users to /██████████/Download.aspx and sets a cookie authenticating the download. The cookie looks like this: pickup=Subject=&PackageID=MTU4NDgzMTU=███ If an attacker can generate this cookie, this allows downloading a file. As it turns out, the generatio...