307 matches found
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
nodejs24 security, bug fix, and enhancement update
An update is available for nodejs24. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime for easily...
ALSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
CVE-2026-48935
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system. Mitigation Mitigation for this issue is either not...
ALPINE-CVE-2026-48935
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48935
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48935
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
Linux Distros Unpatched Vulnerability : CVE-2026-48935
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability...
samba: Missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
EUVD-2026-31823
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...
Astra Linux – Vulnerability in Python 3.11
It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...
CVE-2026-4301 Rate Star Review Vote <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification via 'rating_id' Parameter
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.6.4. The vwrsrreview AJAX handler lacks both capability checks and nonce verification. The only access control is an isuserloggedin check...
Flowsint 访问控制错误漏洞
Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a access control vulnerability, which allowed attackers who knew the investigation IDs to update the investigation metadata of other users...
CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database
Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.createpostgresquery. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search endpoin...
SUSE-SU-2026:0777-1 Security update for cosign
This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cau...
CVE-2025-14608
The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...
CVE-2025-14608
CVE-2025-14608 — WP Last Modified Info (WordPress plugin) affects WP Last Modified Info versions