Lucene search
K

307 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.5AI score0.00805EPSS
Exploits2References10
Rockylinux
Rockylinux
added 6 days ago9 views

nodejs24 security, bug fix, and enhancement update

An update is available for nodejs24. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime for easily...

9.8CVSS6.1AI score0.02806EPSS
Exploits1
OSV
OSV
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
OSV
OSV
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
RedhatCVE
RedhatCVE
added 2026/06/26 10:40 p.m.10 views

CVE-2026-48935

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system. Mitigation Mitigation for this issue is either not...

3.3CVSS5.6AI score0.00154EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 2:16 a.m.8 views

ALPINE-CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS5.8AI score0.00154EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.6AI score0.00154EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.43 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS0.00154EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/23 1:24 a.m.6 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:7 a.m.19 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability...

3.3CVSS6.7AI score0.00154EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/03 3:28 a.m.8 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.3AI score0.00862EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/26 12:57 p.m.13 views

EUVD-2026-31823

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1CVSS5.8AI score0.04102EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Python 3.11

It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...

7.5CVSS6.4AI score0.01149EPSS
Exploits7References2
Cvelist
Cvelist
added 2026/05/12 7:48 a.m.39 views

CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter

The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...

4.3CVSS0.00271EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Flowsint 访问控制错误漏洞

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a access control vulnerability, which allowed attackers who knew the investigation IDs to update the investigation metadata of other users...

2.3CVSS5.8AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 5:21 p.m.59 views

CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database

Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...

9CVSS0.00301EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 1:22 p.m.6 views

SUSE-SU-2026:0777-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cau...

7.5CVSS6.9AI score0.00533EPSS
Exploits4References19
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.9 views

CVE-2025-14608

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/02/14 3:25 a.m.23 views

CVE-2025-14608

CVE-2025-14608 — WP Last Modified Info (WordPress plugin) affects WP Last Modified Info versions

5.3CVSS5.7AI score0.00227EPSS
Exploits0References5
Rows per page
Query Builder