CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2025-66547 Nextcloud Server users can modify tags on files that do not belong to them

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 31.0.1, non-privileged users can modify tags on files they should not have access to via bulk tagging. This vulnerability is fixed in 31.0.1...

kernel: do_change_type(): refuse to operate on unmounted/not ours mounts

In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...

kernel: do_change_type(): refuse to operate on unmounted/not ours mounts

In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...

SUSE-SU-2025:03413-1 Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-150700536 fixes several issues. The following security issues were fixed: - CVE-2025-38498: dochangetype: refuse to operate on unmounted/not ours mounts bsc1247499. - CVE-2025-38555: usb: gadget : fix use-after-free in compositedevcleanup bsc1248298...

kernel: do_change_type(): refuse to operate on unmounted/not ours mounts

In the Linux kernel, the following vulnerability has been resolved: dochangetype: refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount2...

do_change_type(): refuse to operate on unmounted/not ours mounts

...

Nextcloud: Users can modify tags on files that do not belong to them

A vulnerability was discovered in which users could modify tags on files that did not belong to them. This issue has been addressed...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from the fact that...

postgresql: Extension scripts replace objects not belonging to the extension.

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

WordPress plugin ActivityPub security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

SUSE CVE-2010-1161

Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files...

postgresql: Extension scripts replace objects not belonging to the extension.

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...