8 matches found
CVE-2026-54094
CVE-2026-54094 affects the File Browser project. Prior to version 2.63.14, HTTP handlers can follow symlinks inside a scoped user's directory, allowing read, write, or public-share actions to target files outside the user's intended scope via two patterns: (1) a final-path symlink escaping the sc...
GO-2026-5055 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser...
PT-2026-48461
CVE-2026-46558 Plane is an open-source project management tool. Prior to version 1.3.1, a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1. @cveNotify...
EUVD-2023-24271
Malicious code in bioql PyPI...
CVE-2023-20008
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacke...
Siemens Multiple Product File Upload Vulnerability
Siemens DIGSI etc. are products of Siemens, Germany. Siemens DIGSI is a configuration and operation software for microcomputer protection devices. EN100 Ethernet module IEC 61850 variant is an Ethernet module product. A security vulnerability exists in various Siemens products, which results from t...
samba: Incorrect ACL get/set allowed on symlink path
A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL...
samba: Incorrect ACL get/set allowed on symlink path
A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL...