CVE-2026-44260
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...
CVE-2026-44260 efw4.X: readonly Flag Not Enforced Server-Side
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...
EUVD-2026-29845
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...
CVE-2026-44260
The CVE concerns efw4.X (Enterprise Framework for Web). Before 4.08.010, the readonly flag on the efw:elFinder JSP tag is meant to prevent modifications, but server-side checks are missing: even when protected=true and the client sends readonly=true, there is no event handler enforcing the readon...
PT-2026-40446
Name of the Vulnerable Software and Affected Versions: efw4.X versions prior to 4.08.010. Description: The readonly flag in the '' JSP tag is intended to prevent file modifications. When protected=true, the elfinder checkRisk function ensures the client sends readonly=true to match the session value...
SUSE CVE-2023-54099
In the Linux kernel, the following vulnerability has been resolved: fs: Protect reconfiguration of sb read-write from racing writes The reconfigure / remount code takes a lot of effort to protect filesystem's reconfiguration code from racing writes on remounting read-only. However during remounti...
CVE-2023-53835
Removed by vendor...
OESA-2025-1079 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SB_RDONLY after filesystem errors. When the filesystem is mounted with errors=remount-ro, we were setting SB_RDONLY flag to stop all filesystem...
UBUNTU-CVE-2024-47689
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error. syzbot reports a f2fs bug as below: ------------ cut here ------------ WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 CPU: ...
Linux kernel race condition vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect setting of the SB_RDONLY flag in the f2fs file system...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 22.x and 20.x. The vulnerability stems from the ability of certain file system operations to change the owner and permissions of a file despite the file descriptor being...
TopManage OLK Elevation of Privilege Vulnerability
TopManage OLK is a suite of e-commerce management solutions from TopManage Panama. A security vulnerability exists in TopManage OLK version 2020, which stems from the program's failure to set ReadOnly for session cookies, and can be exploited by an attacker to compromise user and administrator...
Fedora 28 : xen (2018-a7862a75f5)
preemption checks bypassed in x86 PV MM handling XSA-264, CVE-2018-12891 1595959 x86: DB exception safety check can be triggered by a guest XSA-265, CVE-2018-12893 1595958 libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266, CVE-2018-12892 1595957 Note that Tenable Network...
SUSE-SU-2018:2081-2 Security update for xen
This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks XSA-266 bsc1097523. - CVE-2018-12893: Fix DB...
CVE-2018-12892
Concretely, CVE-2018-12892 affects Xen 4.7–4.10.x when using libxl with qemu-xen: libxl fails to pass the readonly flag to QEMU for emulated SCSI disks (disk type sd) due to an erroneous merge conflict resolution. This can allow malicious guest administrators or certain users to write to original...
tomcat: Remote Code Execution bypass for CVE-2017-12615
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...