117 matches found
Missing Authorization
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization in the actionMoveFolder process. An attacker can remove destination folders and their contents without having delete permissions on the destination by initiating a force...
CVE-2026-50282
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
CVE-2026-50282 Craft CMS: Unauthorized Deletion of Destination Folders During Forced Moves
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
EUVD-2026-41416
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
CVE-2026-50282
Craft CMS contains an authorization issue in AssetsController::actionMoveFolder where calling with force=true to move a folder into a destination with a conflicting name can overwrite and delete the destination folder without destination delete permission. Affected versions are 5.0.0-RC1 and abov...
Linux Distros Unpatched Vulnerability : CVE-2026-53328
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask A WARN fires when systemd's user manager writes +cpu +memory +pids to its own subtreecontrol...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from unauthorized backend users having access to write operations on the root directory of active files. This can lead to unauthorized moves,...
CVE-2026-40300
Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...
CVE-2026-45042
RustFS is a distributed object storage system in Rust. Prior to 1.0.0-beta.2, the UploadPartCopy operation could copy objects across buckets without enforcing destination bucket policy on the source, because the implementation separately validates GetObject on the source and PutObject on the dest...
Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
Summary Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdavpath without adding an authentication plugin in the WebDAV controller. The Tree::move implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An...
CVE-2026-42590
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
CVE-2026-40300
Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...
CVE-2026-40300 Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history
Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...
CVE-2026-40300 Zulip: Message edit history visible in "moves only" policy through /api/v1/messages/{id}/history
Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...
CVE-2026-40300
Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...
CVE-2026-40300
Summary of vulnerability (CVE-2026-40300) Affected software: Zulip open-source team collaboration tool (prior to version 12.0). Root cause: When message_edit_history_visibility_policy is set to the value "moves", the endpoint /api/v1/messages/{id}/history continues to return historical content va...
EUVD-2026-29537
Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...
PT-2026-40100
Zulip is an open-source team collaboration tool. Prior to 12.0, With message edit history visibility policy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...
golang: cmd/compile: no-op interface conversion bypasses overlap checking
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...
CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...