Lucene search
+L

16 matches found

NVD
NVD
added 2026/06/24 5:17 p.m.19 views

CVE-2026-53106

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfreercu, callrcu or callrcutaskstrace in NMI or reentrant. Since deleting selem in NMI i...

0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 4:30 p.m.13 views

CVE-2026-53106

CVE-2026-53106 affects the Linux kernel BPF storage deletion flow. The issue arises when local storage is freed via kfree_rcu(), call_rcu(), or call_rcu_tasks_trace() in NMI or reentrant contexts, which can lead to a deadlock. The documented mitigation in NMI is to return an error from bpf_xxx_st...

5.8AI score0.00145EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 2:30 p.m.2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

10CVSS5.9AI score0.00781EPSS
Exploits1References21
OSV
OSV
added 2026/06/18 2:30 p.m.3 views

OPENSUSE-SU-2026:21084-1 Security update for distribution

This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

10CVSS6.7AI score0.00781EPSS
Exploits1References20
OSV
OSV
added 2026/06/16 11:8 p.m.3 views

CVE-2026-48929

Rocket.Chat in versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9, and 7.10.13 is vulnerable to unauthenticated file deletion. The deleteFileMessage Meteor method permanently deletes any uploaded file by ID without requiring authentication. When called via an unauthenticated DDP WebSocket...

7.5CVSS7.1AI score0.00723EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36628

Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content...

5.3CVSS5.2AI score0.00183EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 6:16 p.m.24 views

DEBIAN-CVE-2026-41888

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.5CVSS5.8AI score0.00294EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 4:53 p.m.42 views

CVE-2026-41888 Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.1, tag deletion via the DELETE /v2//manifests/ endpoint bypasses the storage.delete.enabled: false configuration, allowing any API client to remove tags from repositories even when the operator has...

6.3CVSS0.00294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/13 2:22 p.m.10 views

CVE-2026-31216

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...

9.1CVSS6AI score0.00401EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.7 views

CVE-2026-31216

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...

6AI score0.00401EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.38 views

CVE-2026-31216

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...

0.00401EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 5:25 p.m.3 views

GHSA-564F-WX8X-878H Vikunja read-only users can delete project background images via broken object-level authorization

Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

5.3CVSS5.8AI score0.00211EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/20 5:25 p.m.7 views

Vikunja read-only users can delete project background images via broken object-level authorization

Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/20 12:0 a.m.8 views

The vulnerability of cloud-based software for creating and using Nextcloud data storage solutions is related to improper access control. This allows a hacker to delete any personal or global external storage, making it inaccessible to everyone else.

The vulnerability of cloud-based software for creating and using Nextcloud data storage solutions is related to improper access control. Exploiting this vulnerability could allow a malicious actor to delete any personal or global external storage, making it inaccessible to everyone else...

7.7CVSS7.2AI score0.00822EPSS
Exploits0References4Affected Software2
SUSE CVE
SUSE CVE
added 2023/08/12 2:10 a.m.4 views

SUSE CVE-2023-39962

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external...

7.7CVSS6.7AI score0.00822EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2016/09/25 12:0 a.m.32 views

CVE-2016-4707

CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors...

4CVSS6.9AI score0.00347EPSS
Exploits0References3
Rows per page
Query Builder