254 matches found
RHEL 10 : samba (RHSA-2026:22963)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22963 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
SUSE-SU-2026:22080-1 Security update for samba
This update for samba fixes the following issues Security issues: - CVE-2026-1933: Missing access check on reparse point operations bsc1261188. - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3012: group policy certificate enrollment uses http: // without...
CVE-2026-45155
Nextcloud Server is affected by CVE-2026-45155 due to a missing API-level access check that allows adding unknown circle IDs to other circles. Affected versions are 32.0.0–32.0.6 and 33.0.0–33.0.0 (i.e., before 32.0.7 and before 33.0.1). The underlying issue could enable unauthorized membership t...
CVE-2026-45155 Nextcloud: Private circle can be added to another circle via API
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...
Nextcloud Teams 安全漏洞
NextCloud Teams is an open-source team collaboration and group management tool developed by NextCloud. There were security vulnerabilities in versions of NextCloud Teams from 32.0.0 to 32.0.7, and from 33.0.0 to 33.0.1. These vulnerabilities stemmed from the absence of API-level access checks,...
PT-2026-45538
Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...
CVE-2026-1933 Samba: missing access check on reparse point operations
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
CVE-2026-1933
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
Security update for samba
This update for samba fixes the following issues Security issues: CVE-2026-1933: Missing access check on reparse point operations bsc1261188. CVE-2026-2340: vfsworm does not block directory modification bsc1261158. CVE-2026-3012: group policy certificate enrollment uses http: // without validatio...
CVE-2026-1933
Missing access checks on reparse point operations...
UBUNTU-CVE-2026-1933
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
CVE-2026-46721
The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...
CVE-2026-44559
Summary (CVE-2026-44559) Open WebUI’s channel membership endpoint has an access control flaw on standard channels. Prior to version 0.9.0, GET /api/v1/channels/{id}/members only enforced membership checks for channel types ‘group’ and ‘dm’; standard (including private) channels did not perform ch...
PT-2026-40726
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The endpoint "/api/tag/getTag" is registered using only the model.CheckAuth middleware, missing the model.CheckAdminRole and model.CheckReadonly checks. This allows any authenticated user, including...
Realtek rtl819x Jungle SDK 信息泄露漏洞
The Realtek RTL819x Jungle SDK is a driver for wireless local area network chips developed by Realtek Semiconductor. The SDK contains an information leakage vulnerability, which stems from the lack of access control checks in the debug handlers of the writemem and readmem functions within the...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the loadcustomerinfo operation in POST...
Paperclip: Cross-tenant agent API token minting via missing assertCompanyAccess on /api/agents/:id/keys
Isolated paperclip instance running in authenticated mode default config on a clean Docker image matching commit b649bd4 2026.411.0-canary.8, post the 2026.410.0 patch. This advisory was verified on an unmodified build. Summary POST /api/agents/:id/keys, GET /api/agents/:id/keys, and DELETE...
CVE-2026-33212
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...
CVE-2026-34985
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...
📄 Authentic 8 User Profile Insecure Direct Object Reference
Proof of concept exploit that demonstrates user data exposure via an insecure direct object reference and missing access control vulnerabilities in the User Profile endpoint of Authentic 8...