20 matches found
PYSEC-2026-1808 Pulp incorrectly assigns RBAC permissions in tasks that create objects
A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...
CVE-2026-47261
Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...
CVE-2026-42315
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...
Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: Support...
CVE-2025-69634
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php...
SUSE CVE-2025-40184
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...
EUVD-2025-150390
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...
CVE-2025-40184
The CVE-2025-40184 entry documents a Linux kernel KVM/arm64 vulnerability: when using transparent huge pages with NVHE EL2 debug, the debug check in assert_host_shared_guest() may trigger a WARN_ON leading to a host panic. The issue arises because __pkvm_host_relax_perms_guest() assumes a single-...
Malicious code in test-mlw2-perms-inurn-lores-decks (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-48876 Malicious code in test-mlw2-perms-inurn-lores-decks (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in test-mlw1-perms-inurn-lores-decks (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-47148 Malicious code in @nativescript-community/perms (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc3fd96213519273f7b1eb5a8c0fd5d3b40c41fccda225d8d442dc2d3f44b882 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@censujiang/nativescript-local-notifications (=6.4.0), @nativescript-community/audio (=6.4.14) +4 more potentially affected by unknown CVE via @nativescript-community/perms (>=3.0.11 <=3.0.3)
@nativescript-community/perms NPM version =3.0.11, =3.1.20, =7.0.0, =1.0.4, =0.0.1, =0.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-NATIVESCRIPTCOMMUNITYPERMS-12704723...
Avada < 7.11.2 - Subscriber+ Portfolio Permalinks Creation
Description The theme is vulnerable to unauthorized modification of data due to a missing capability check, allowing any authenticated attackers, with such as subscriber and above, to save Portfolio permalinks...
CVE-2020-8510
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en user+perms+lang, one can login as any user without a password...
Adaudit - Powershell Script To Do Domain Auditing Automation
PowerShell Script to perform a quick AD audit | | \ | | | || | | | | | | | | | . | | | |||/ ||||||| by phillips321 If you have any decent powershell one liners that could be used in the script please let me know. I'm trying to keep this script as a single file with no requirements on external too...
Fedora 26 : php-symfony (2017-4fcbd8a4c3)
2.8.25 2017-07-17 - security 23507 Security validate empty passwords again xabbuh - bug 23526 HttpFoundation Set meta refresh time to 0 in RedirectResponse content jnvsor - bug 23540 Disable inlining deprecated services alekitto - bug 23468 DI Handle root namespace in service definitions ro0NL -...
[SECURITY] Fedora 22 Update: php-horde-Horde-Perms-2.1.6-1.fc22
The Perms package provides an interface to the Horde permissions system...
[SECURITY] Fedora 23 Update: php-horde-Horde-Perms-2.1.6-1.fc23
The Perms package provides an interface to the Horde permissions system...
Fedora Core 10 FEDORA-2009-3761 (prewikka)
The remote host is missing an update to prewikka announced via advisory FEDORA-2009-3761. OpenVAS Vulnerability Test $Id: fcore20093761.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-3761 prewikka Authors: Thomas Reinke Copyright: Copyright c 2009...