samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

PT-2026-45473

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CURL-CVE-2026-5773 wrong reuse of SMB connection

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

Unspecified Vulnerability in Apple macOS (CNVD-2026-19670)

Apple macOS is a specialized operating system developed by Apple for Mac computers. Apple macOS has a security vulnerability that can be exploited by an attacker to cause an application to connect to a network share without the user's consent...

EUVD-2026-15075

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent...

CVE-2026-32761

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges perm.download = false but granted share...

CVE-2018-4388

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1...

CVE-2025-65176

An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and receiving a "STATUSLOGONFAILURE" error, the agent will retrieve every user token on the machine and repeatedly attempt to access the netwo...

CVE-2025-65176

An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and receiving a "STATUSLOGONFAILURE" error, the agent will retrieve every user token on the machine and repeatedly attempt to access the netwo...

CVE-2025-65672

Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows unauthorized share and invite access to course settings...

EUVD-2024-34593

Malicious code in bioql PyPI...

CVE-2025-48064

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : OpenZFS vulnerability (USN-6511-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6511-1 advisory. It was discovered that the OpenZFS sharenfs feature incorrectly handled IPv6 address data. This could result in IPv6 restrictions not being...

SUSE CVE-2011-4324

The encodeshareaccess function in fs/nfs/nfs4xdr.c in the Linux kernel before 2.6.29 allows local users to cause a denial of service BUG and system crash by using the mknod system call with a pathname on an NFSv4 filesystem...

CVE-2009-1143

A vulnerability was found in open-vm-tools. This flaw allows local users to bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs aka hgfsmounter...

Owncloud 权限许可和访问控制问题漏洞

OwnCloud OwnCloud is a personal cloud storage solution from OwnCloud Owncloud, an American company. A Permission License and Access Control Issue vulnerability exists in OwnCloud Server, which can be exploited by an attacker to remove access to the share from everyone else...

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-32796)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A security vulnerability exists in Samsung mobile devices, which can be exploited by attackers to access Music Share...

Nextcloud Server < 13.0.9, < 14.0.5 Share Access Vulnerability (NC-SA-2019-003)

Nextcloud Server is prone to a vulnerability where improper share updates could result in extended data access. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2018-4388

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1...