Lucene search
K

261 matches found

EUVD
EUVD
added 2026/05/14 6:14 p.m.10 views

EUVD-2026-30357

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...

7.2CVSS5.9AI score0.00207EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/13 3:32 p.m.12 views

SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk

Summary POST /api/tag/getTag is registered with model.CheckAuth only, omitting both model.CheckAdminRole and model.CheckReadonly, despite the handler performing a configuration write that is normally guarded by both. Any authenticated user — including publish-service RoleReader accounts and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/12 10:16 p.m.72 views

CVE-2026-44260

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS0.00301EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 9:9 p.m.33 views

CVE-2026-44260

The CVE concerns efw4.X (Enterprise Framework for Web). Before 4.08.010, the readonly flag on the efw:elFinder JSP tag is meant to prevent modifications, but server-side checks are missing: even when protected=true and the client sends readonly=true, there is no event handler enforcing the readon...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 9:9 p.m.8 views

CVE-2026-44260 efw4.X: readonly Flag Not Enforced Server-Side

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 9:9 p.m.90 views

CVE-2026-44260 efw4.X: readonly Flag Not Enforced Server-Side

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS0.00301EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 9:9 p.m.48 views

EUVD-2026-29845

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:9 p.m.10 views

CVE-2026-44260

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40446

Name of the Vulnerable Software and Affected Versions efw4.X versions prior to 4.08.010 Description The readonly flag in the '' JSP tag is intended to prevent file modifications. When protected=true, the elfinder checkRisk function ensures the client sends readonly=true to match the session value...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:11 p.m.5 views

CVE-2026-43299

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT when the fs flips RO inside btrfsrepairiofailure BUG There is a bug report that when btrfs hits ENOSPC error in a critical path, btrfs flips RO this part is expected, although the ENOSPC bug still needs to be...

5.7AI score0.00117EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/05 8:53 p.m.13 views

Client-Side Enforcement of Server-Side Security

Overview jupyterlab is a JupyterLab computational environment. Affected versions of this package are vulnerable to Client-Side Enforcement of Server-Side Security via improper enforcement of the allowedextensionsuris. An attacker can gain unauthorized access to install unapproved extensions by...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/15 9:30 p.m.4 views

EUVD-2026-23007

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...

8.4CVSS5.8AI score0.00269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 6:8 p.m.4 views

CVE-2026-4857

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...

8.4CVSS5.8AI score0.00269EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-27774

Name of the Vulnerable Software and Affected Versions EspoCRM versions prior to 9.3.4 Description The EspoCRM software contains a flaw due to the formula engine operating outside the field-level restriction layer, allowing writable access to fields marked as read-only, such as Attachment.sourceId...

9.1CVSS5.9AI score0.005EPSS
Exploits3References14
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.8 views

EulerOS 2.0 SP11 : docker-runc (EulerOS-SA-2026-1603)

According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...

8.4CVSS7AI score0.0067EPSS
Exploits4References4
Cvelist
Cvelist
added 2026/03/09 9:7 p.m.43 views

CVE-2026-30926 SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts RoleReader to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...

7.1CVSS0.00311EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005097)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005097 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't dirty inode for readonly filesystem syzbot reports f2fs bug as below: kernel B...

5.5CVSS6.6AI score0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/20 8:41 p.m.34 views

CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

2.8CVSS0.00227EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : openssh-7.4p1-16.el7 (AXSA:2018-2845:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2845:01 advisory. openssh: Improper write operations in readonly mode allow for zero-length file creation CVE-2017-15906 Tenable has extracted the preceding description block...

5.3CVSS6.4AI score0.03359EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/02 3:28 p.m.2 views

Authentication Bypass Using an Alternate Path or Channel

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the startServerEvents and queryRequest functions. When allowreadonly is enabled, an unauthenticated...

10CVSS7.1AI score0.00492EPSS
Exploits1References2
Rows per page
Query Builder