Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/22 1:44 p.m.15 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Boards API when file ownership and access control are not properly validated. An attacker can gain unauthorized access to and download files belonging to other users or teams by...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:27 a.m.8 views

CVE-2026-3473

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

7.1CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/24 3:27 a.m.12 views

EUVD-2026-25372

The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxiremovecustomimagesize' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-leve...

5.3CVSS5.8AI score0.00318EPSS
Exploits0References6
OSV
OSV
added 2026/04/03 3:30 p.m.5 views

GHSA-VPH7-R229-QXPF Focalboard doesn't validate file ownership when serving uploaded files

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...

4.3CVSS5.9AI score0.00221EPSS
Exploits0References2
Veracode
Veracode
added 2025/05/06 3:7 a.m.9 views

Time-of-Check To Time-of-Use (TOCTOU) Race Condition

snowflake-sdk is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. The vulnerability is due to improper validation of file ownership and permissions during logging configuration loading, allowing an attacker to modify the file between the check and its use...

7CVSS6.5AI score0.00141EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder