samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

CVE-2026-44911

Apache NiFi CVE-2026-44911 affects 1.15.0–2.9.0. Authorization handling for component configuration verification requests lets users with read access submit proposed properties that can override current configuration and trigger verification methods with alternate settings. Installations lacking ...

CVE-2026-44911

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined...

EUVD-2026-38218

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined...

CVE-2026-12104

Bondix by SIMA GmbH (Linux) up to version 1.25.7.5 is affected by an authenticated OS command injection in environment and tunnel configuration handling. An attacker with configuration write access can pass crafted values to server-side scripts to execute arbitrary OS commands. The vulnerability ...

SUSE CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

CVE-2026-49252

CVE-2026-49252 affects the deepstream server. Versions prior to 10.0.5 are vulnerable to Prototype Pollution , with exploitation leading to potential privilege escalation by any authenticated user with write permission to any record. The issue is fixed in version 10.0.5 . Affected product: deepst...

DRUPAL-CORE-2026-005

SA-CORE-2019-003 added protection for fields that store serialized data to disallow direct writes via web services. The above fix did not cover all potential attack vectors for JSON:API. An attacker with appropriate JSON:API write permission could potentially inject a malicious payload in certain...

CVE-2026-12528

Affected software/component: 389 Directory Server, in function __aclp__normalize_acltxt() of aclparse.c. Issue: malformed ACI strings can trigger heap-buffer-overflow writes and reads during ACI parsing; the keyword length after whitespace stripping is not validated, causing 1-byte out-of-bounds ...

CVE-2026-12528 389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__normalize_acltxt()

A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...

CVE-2026-46810

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: End User Self Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Identity...

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262 , carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of Cisco Catalyst SD-WAN...

GHSA-239W-M3H6-CH8V File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope

Summary File Browser enforces per-user scope with afero.NewBasePathFsafero.NewOsFs, scope, set up in users/users.go. This blocks lexical ../ traversal, but it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

TYPO3 CMS: Destructive Actions on File Mount Folders

Problem Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...

EUVD-2026-35401

TYPO3 CMS has Insecure Deserialization via Core API...

TYPO3 CMS has Insecure Deserialization via Core API

Problem TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted...

GHSA-C78M-C52X-JGWP TYPO3 CMS has Insecure Deserialization via Core API

Problem TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted...