LinkAce 安全漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object reference vulnerabilities in the authorization poli...

Incorrect Ownership Assignment

Overview Affected versions of this package are vulnerable to Incorrect Ownership Assignment through improper validation of the defaultGroup ID after group access revocation. An attacker can gain unauthorized access to group collections and perform full CRUD operations by omitting the X-Tenant...

Security update for php8 (moderate)

openSUSE security update: security update for php8 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20113-1 Rating: moderate References: bsc1255043 bsc1255710 bsc1255711 bsc1255712 Cross-References: CVE-2025-14177 CVE-2025-14178 CVE-2025-14180 CVSS...

CVE-2021-33393

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the...

CVE-2025-14804

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server...

CVE-2017-18430

In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassignpostterminatecruft SEC-294...

CVE-2025-14804

CVE-2025-14804 pertains to the Frontend File Manager Plugin for WordPress. The vulnerability arises from inadequate validation of a path parameter and file ownership, enabling any authenticated user (e.g., subscribers) to delete arbitrary files on the server. The issue is user-privilege scoped to...

WordPress plugin Frontend File Manager Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2025-2445)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-36091

IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment...

EUVD-2021-11610

Malware in sbrugna...

EUVD-2011-4054

Malware in sbrugna...

EUVD-2017-10014

Malware in sbrugna...

EUVD-2017-9546

Malware in sbrugna...

EUVD-2025-8429

Malicious code in bioql PyPI...

man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)

...

CVE-2025-57732

In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership...

CVE-2025-3629

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management...

CVE-2011-3124

IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which allows local users to gain privileges via unknown vectors...

CVE-2009-3706

Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv100 through snv117, allows local users to bypass intended limitations of the filechownself privilege via certain uses of the chown system call...