14 matches found
GHSA-74M3-9QVM-RP9H zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
Summary: The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...
EUVD-2026-21860
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information...
PT-2026-32266
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information...
CVE-2025-64298
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
EUVD-2025-17307
Malicious code in bioql PyPI...
CVE-2025-40804
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization...
CVE-2025-40804
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization...
CVE-2025-58359
ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners (i.e. the threshold) with the refresh share functionality...
CVE-2025-0620
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...
CVE-2025-0620
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...
CVE-2025-0620
CVE-2025-0620 affects Samba (smbd) where group membership changes are not picked up during re-authentication of an expired SMB session, potentially exposing file shares until clients disconnect and reconnect. The issue is documented across multiple distributions; a practical remediation is upgrad...
CVE-2025-0620 Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...
samba: save registry file outside share as unprivileged user
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share...
iis-enumerate.txt
I was recently auditing the security on one of my web servers when I came across a new Extension Enumerate Root Web Server Directory Vulnerability for IIS 4.0. Going to the main website and asking for anything.idq I get the page cannot be found. But if the files for the web server reside on a sharet...