Lucene search
K

166 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-55665

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a link's href without scheme validation, so a javascript URL could run in a victim's Grist origin on a single...

8.5CVSS0.00322EPSS
Exploits0References3
CVE
CVE
added 4 days ago11 views

CVE-2026-55475

Snipe-IT prior to version 8.6.1 is vulnerable via the Importer API endpoint where a user with CSV import capabilities and a valid API key can overwrite the created_by value of an import file, enabling unauthorized modification of import ownership metadata. The issue is fixed in version 8.6.1. Thi...

5.7CVSS6.1AI score0.00195EPSS
Exploits0References4
OSV
OSV
added 6 days ago8 views

BIT-PYTHON-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

5.3CVSS5.9AI score0.00235EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39594

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS5.9AI score0.00107EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.11 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS0.00107EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.31 views

CVE-2026-44957

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

4.3CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/13 2:34 a.m.39 views

CVE-2026-54229 Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...

7CVSS0.00091EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.30 views

PT-2026-49074

Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A race condition exists in the ChownProblemDir method of the abrt-dbus D-Bus service. The ChownProblemDir method opens the dump directory using DD OPEN READONLY and executes dd chown to...

7CVSS5.2AI score0.00091EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 5:16 a.m.21 views

CVE-2026-11837

A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...

7.3CVSS0.00161EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Ansible 后置链接漏洞

Ansible is an easy-to-use IT automation system developed under the open source license. Ansible has a post-installation link vulnerability, which originates from the Posix authorizedkey module. The keyfile function uses os.chown instead of os.lchown, and does not use ONOFOLLOW to open files, whic...

7.3CVSS5.9AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 12:36 p.m.2 views

CVE-2026-52906 9p: fix access mode flags being ORed instead of replaced

In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb "9p: convert to the new mount API", v9fsapplyoptions applies parsed mount flags with |= onto flags already set by v9fssessioninit. For 9P2000.L,...

7.7CVSS6.5AI score0.00121EPSS
Exploits0References5
CVE
CVE
added 2026/05/13 8:44 a.m.14 views

CVE-2026-25710

The CVE-2026-25710 issue affects the plasmaloginauthhelper, a privileged D-Bus helper. A compromised plasmalogin service account can chown arbitrary files, enabling local privilege escalation with high impact on system confidentiality and integrity; availability is noted as high in the metrics. U...

7CVSS5.8AI score0.00134EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 10:18 p.m.11 views

ciguard: Container image runs as root (no USER directive)

Summary The published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. ciguard is a static analyser with no need for root privileges; running as root inside a container makes any future container-runtime escape CVE more impactfu...

3CVSS5.8AI score0.00122EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.4 views

GHSA-88CH-Q68X-36V7 Duplicate Advisory: uutils coreutils has an Incorrect Check of Function Return Value

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references. Original Description A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit...

5.5CVSS5.9AI score0.00142EPSS
Exploits0References5
CVE
CVE
added 2026/04/22 4:7 p.m.12 views

CVE-2026-35340

The CVE-2026-35340 issue affects the uutils coreutils chown and chgrp via the ChownExecutor. In recursive operations, the utilities return an exit code based solely on the last processed file; if earlier ownership/group changes failed due to permissions, they may still report success (0). This ca...

5.5CVSS5.7AI score0.00142EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.3 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.3CVSS6.3AI score0.00159EPSS
Exploits0References5
OSV
OSV
added 2026/03/27 5:9 p.m.2 views

GHSA-Q9VP-3WCG-8P4X Incus vulnerable to local privilege escalation through VM screenshot path

Summary Incus provides an API to retrieve VM screenshots, that API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As Incus uses predictable paths under /tmp for this, an attacker with local access to the...

5.7CVSS5.8AI score0.0035EPSS
Exploits1References5
NVD
NVD
added 2026/03/02 7:16 p.m.13 views

CVE-2026-0023

In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00084EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 6:42 p.m.7 views

EUVD-2026-9237

In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.00084EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/02 6:42 p.m.38 views

CVE-2026-0023

In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00084EPSS
Exploits0References1
Rows per page
Query Builder