14 matches found
CVE-2026-43617
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...
JLSEC-2026-107 Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access equivalent to --allow-env, and writing /proc/self/mem may provide access equivalent t...
CVE-2026-33302 OpenEMR: zhAclCheck Ignores Explicit ACL Denies
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...
EUVD-2026-13221
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...
PT-2025-40539
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.120 Description An issue existed where Claude Code did not properly handle symlinks when enforcing permission deny rules. Specifically, if a user blocked Claude Code’s access to a file, but Claude Code had...
Europol Denies $50K Reward for Qilin Ransomware, Calls It a Scam
Europol has confirmed that a widely reported $50,000 reward for information on the Qilin ransomware group is a…...
Yandex Source Code Online Leaked, Company Denies Hack
By Waqas The threat actor has dumped a whopping 44.7 GB worth of Yandex data, including its source code repository, on a popular hacker forum. This is a post from HackRead.com Read the original post: Yandex Source Code Online Leaked, Company Denies Hack...
Twitter Denies Any Hack Attack in 200M Account Leak Scare
By Waqas Twitter claims that “The data is likely a collection of data already publicly available online through different sources.” This is a post from HackRead.com Read the original post: Twitter Denies Any Hack Attack in 200M Account Leak Scare...
Cyber Security Giant Mandiant Denies Hacking Claims By LockBit Ransomware
By Deeba Ahmed According to a Mandiant representative, the company was aware of LockBit 2.0 claims, but there was no evidence of… This is a post from HackRead.com Read the original post: Cyber Security Giant Mandiant Denies Hacking Claims By LockBit Ransomware...
PT-2020-6602 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.11 Description: The issue is related to the Experimental API in Apache Airflow, which previously allowed all API requests without authentication by default. This poses security risks to users who are not...
CVE-2020-3139
A vulnerability in the out of band OOB management interface IP table rule programming for Cisco Application Policy Infrastructure Controller APIC could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB...
Google Denies Using Google Arts & Culture App to Collect Selfie Data
By Waqas Google Arts Culture App was recently introduced and its This is a post from HackRead.com Read the original post: Google Denies Using Google Arts Culture App to Collect Selfie Data...
Microsoft Shares Telemetry Data Collected from Windows 10 Users with 3rd-Party
Cyber security is a major challenge in today's world, as cyber attacks have become more automated and difficult to detect, where traditional cyber security practices and systems are no longer sufficient to protect businesses, governments, and other organizations. In past few years, Artificial...
CVE-2004-2317
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access...