samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
Linux Distros Unpatched Vulnerability : CVE-2026-48935
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw in Node.js Permission API can cause file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability...
EUVD-2026-31823
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...
Astra Linux - vulnerability in python3.11
It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...
CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...
Flowsint access control error vulnerability
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained an access control vulnerability, which allowed attackers who knew the investigation IDs to update the investigation metadata of other users...
CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database
Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...
SUSE-SU-2026:0777-1 Security update for cosign
This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cau...
CVE-2025-14608
The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...
CVE-2025-14608
CVE-2025-14608 — WP Last Modified Info (WordPress plugin) affects WP Last Modified Info versions
Malicious code in alpha-view-grep-abstract-pipe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a59d4ced0983d05722b6d4aa572be26e524f6f5a4608478d2b47cdfcd656793 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in weywot-perseus-parallax-meteor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fccf69d07016c6dfafa7312d220affa347019aaa3bb135b3acd2daef6d21939f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cypress-vuetify-mutation-hermes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f0bdf630701339c3b4e0b026be7375225105671dd37c1d58e92ce6dcd04269a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in fork-eslint-slidev-chakra-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14f8ab67ea8427ea5b62140b04dc5a91e4b2512ef31a7be5a7f29ca3f838dfed This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186879 Malicious code in eventhoriz-event-planckscale-sirius (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a969531dc342a3106319fd93ac645317db9acde1778df1db5647cfd186fda89 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-185372 Malicious code in acamar-halley-eclipse-kronos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f8ad09c0a08bf031574152a898d8286ae2d35f3ed9cbf41b4a8ecc5cfe5a745 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189714 Malicious code in subduction-xenobiology-websockets-polaris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9d162d50d84dbe43de8e35e175e07f1bac8050e4acec2b8489426a438367ec4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in warp-ora-duplex-jekyll (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d66ff385a22dffe023d98891710432d0c59ead5f5af2c822fff70f98049abf12 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...