Lucene search
K

254 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

RHEL 10 : samba (RHSA-2026:22963)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22963 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.2AI score0.12797EPSS
Exploits9References15
OSV
OSV
added 2026/06/05 8:34 a.m.6 views

SUSE-SU-2026:22080-1 Security update for samba

This update for samba fixes the following issues Security issues: - CVE-2026-1933: Missing access check on reparse point operations bsc1261188. - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3012: group policy certificate enrollment uses http: // without...

9.8CVSS5.6AI score0.12797EPSS
Exploits8References18
CVE
CVE
added 2026/06/01 4:38 p.m.26 views

CVE-2026-45155

Nextcloud Server is affected by CVE-2026-45155 due to a missing API-level access check that allows adding unknown circle IDs to other circles. Affected versions are 32.0.0–32.0.6 and 33.0.0–33.0.0 (i.e., before 32.0.7 and before 33.0.1). The underlying issue could enable unauthorized membership t...

2.6CVSS5.7AI score0.002EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 4:38 p.m.32 views

CVE-2026-45155 Nextcloud: Private circle can be added to another circle via API

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...

2.6CVSS0.002EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Nextcloud Teams 安全漏洞

NextCloud Teams is an open-source team collaboration and group management tool developed by NextCloud. There were security vulnerabilities in versions of NextCloud Teams from 32.0.0 to 32.0.7, and from 33.0.0 to 33.0.1. These vulnerabilities stemmed from the absence of API-level access checks,...

2.6CVSS5.3AI score0.002EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45538

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

6.8CVSS5.7AI score0.00252EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 12:28 p.m.12 views

CVE-2026-1933 Samba: missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.7AI score0.00862EPSS
Exploits0References13
Debian CVE
Debian CVE
added 2026/05/27 12:28 p.m.9 views

CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.7AI score0.00862EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/05/26 12:36 p.m.17 views

Security update for samba

This update for samba fixes the following issues Security issues: CVE-2026-1933: Missing access check on reparse point operations bsc1261188. CVE-2026-2340: vfsworm does not block directory modification bsc1261158. CVE-2026-3012: group policy certificate enrollment uses http: // without validatio...

10CVSS5.9AI score0.12797EPSS
Exploits8References30
UbuntuCve
UbuntuCve
added 2026/05/26 12:0 a.m.14 views

CVE-2026-1933

Missing access checks on reparse point operations...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 12:0 a.m.5 views

UBUNTU-CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.7AI score0.00862EPSS
Exploits0References3
NVD
NVD
added 2026/05/19 10:16 a.m.16 views

CVE-2026-46721

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS0.00352EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 7:41 p.m.26 views

CVE-2026-44559

Summary (CVE-2026-44559) Open WebUI’s channel membership endpoint has an access control flaw on standard channels. Prior to version 0.9.0, GET /api/v1/channels/{id}/members only enforced membership checks for channel types ‘group’ and ‘dm’; standard (including private) channels did not perform ch...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.21 views

PT-2026-40726

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The endpoint "/api/tag/getTag" is registered using only the model.CheckAuth middleware, missing the model.CheckAdminRole and model.CheckReadonly checks. This allows any authenticated user, including...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

Realtek rtl819x Jungle SDK 信息泄露漏洞

The Realtek RTL819x Jungle SDK is a driver for wireless local area network chips developed by Realtek Semiconductor. The SDK contains an information leakage vulnerability, which stems from the lack of access control checks in the debug handlers of the writemem and readmem functions within the...

7.7CVSS5.7AI score0.00669EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the loadcustomerinfo operation in POST...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/16 10:48 p.m.16 views

Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys

Isolated paperclip instance running in authenticated mode default config on a clean Docker image matching commit b649bd4 2026.411.0-canary.8, post the 2026.410.0 patch. This advisory was verified on an unmodified build. Summary POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE...

6AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/15 5:48 p.m.3 views

CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

3.1CVSS5.8AI score0.00221EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.5 views

CVE-2026-34985

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...

6.5CVSS5.8AI score0.00226EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/10 12:0 a.m.92 views

📄 Authentic 8 User Profile Insecure Direct Object Reference

Proof of concept exploit that demonstrates user data exposure via an insecure direct object reference and missing access control vulnerabilities in the User Profile endpoint of Authentic 8...

5.8AI score
Exploits0
Rows per page
Query Builder