Lucene search
K

5 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.12 views

CVE-2026-55667

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...

8.2CVSS0.00359EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:32 p.m.7 views

CVE-2026-55667

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...

8.2CVSS6AI score0.00359EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 5:32 p.m.22 views

CVE-2026-55667 File Browser: Out-of-scope file deletion by a Create-only scoped user via symlink-following RemoveAll in upload failure-cleanup

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...

8.2CVSS0.00359EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/04 12:0 a.m.2 views

Apache Tomcat 9.0.0-M1 < 9.0.110 Denial of Service

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.110, 10.1.0-M1 prior to 10.1.47 or 11.0.0-M1 prior to 11.0.12. It is, therefore, affected by a denial of service vulnerability due to delayed cleaning of multipart upload temporary files. Note that the scanner has...

5.3CVSS7AI score0.01139EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/27 5:30 p.m.3 views

Improper Resource Shutdown or Release

Overview org.apache.tomcat:catalina is a Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to the delayed cleaning of multipart upload temporary files. An attacker can cause a denial-of-service b...

6CVSS7.1AI score0.01139EPSS
Exploits0References2
Rows per page
Query Builder