Lucene search
K

1678 matches found

CVE
CVE
added 2026/06/09 12:0 a.m.14 views

CVE-2026-36723

CVE-2026-36723 affects bookcars v8.3. An unrestricted file rename vulnerability in the /api/create-user component allows authenticated attackers to exploit directory traversal to move files from temporary storage to arbitrary locations on the server filesystem, enabling unauthorized access to sen...

8.8CVSS6.5AI score0.00998EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 8:17 p.m.17 views

CVE-2026-46484

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS0.00374EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 7:9 p.m.36 views

CVE-2026-46484

Summary: Headplane (a Web UI for Headscale) had a path traversal and authorization bypass vulnerability in the Headscale API client used during node and user rename operations. Affected versions and patch: the issue affects Headplane prior to 0.6.3 and 0.7.0-beta.3; it has been patched in 0.6.3 a...

8.1CVSS5.4AI score0.00374EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 7:9 p.m.10 views

EUVD-2026-35193

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS5.4AI score0.00374EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:9 p.m.8 views

CVE-2026-46484

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS5.4AI score0.00374EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 7:9 p.m.8 views

CVE-2026-46484 Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS5.4AI score0.00374EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 7:9 p.m.33 views

CVE-2026-46484 Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47447

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS5.4AI score0.00374EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45264

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

4.3CVSS5.3AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.8 views

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS5.6AI score0.00347EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/03 9:52 p.m.21 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.7AI score0.00939EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/03 3:28 a.m.3 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.2AI score0.00939EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 5:17 p.m.17 views

CVE-2026-45264

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

4.3CVSS0.00229EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 4:36 p.m.31 views

CVE-2026-45264 Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

4.3CVSS0.00229EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 4:36 p.m.9 views

CVE-2026-45264 Nextcloud: ACL Rename Permission Bypass in Team Folders Allows Unauthorized File Renames

Nextcloud is an open source content collaboration platform. From versions 17.0.0 to before 17.0.15, 18.0.0 to before 18.1.12, 19.0.0 to before 19.1.16, 20.0.0 to before 20.1.11, and 21.0.0 to before 21.0.4, a user with READ and CREATE permission, but no UPDATE permission for a team folder can...

4.3CVSS5.7AI score0.00229EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 4:36 p.m.35 views

CVE-2026-45264

Nextcloud shows an ACL-based permission bypass affecting Team Folders. A user with READ and CREATE (but not UPDATE) permission could rename files within a Team Folder in multiple branches: 17.0.0–17.0.14, 18.0.0–18.1.11, 19.0.0–19.1.15, 20.0.0–20.1.10, and 21.0.0–21.0.3. The issue has been patche...

4.3CVSS5.7AI score0.00229EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Team folders 访问控制错误漏洞

Team Folders is an open-source file sharing software developed by Nextcloud. Versions of Team Folders from 17.0.0 to 17.0.15, from 18.0.0 to 18.1.12, from 19.0.0 to 19.1.16, from 20.0.0 to 20.1.11, and from 21.0.0 to 21.0.4 contain an access control vulnerability. This vulnerability stems from a...

4.3CVSS5.3AI score0.00229EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.17 views

CVE-2026-44796

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/29 10:5 p.m.23 views

Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders

Summary modules/documents-files.php mode filerenamesave shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folderuuid, but the rename operation acts on fileuu...

5.8AI score0.00029EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/29 10:5 p.m.9 views

Incorrect Authorization

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization through insufficient authorization checks in the renameFile process. An attacker can modify file names and...

7.1CVSS5.8AI score0.00029EPSS
Exploits0References3
Rows per page
Query Builder