Lucene search
K

2434 matches found

RedHat Linux
RedHat Linux
added 2026/06/23 1:16 a.m.5 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:16 a.m.6 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.8AI score0.00939EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:7 a.m.3 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.8AI score0.00939EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:1 a.m.9 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.8AI score0.00939EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/22 7:38 a.m.33 views

CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS0.00393EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 7:37 a.m.9 views

EUVD-2026-38218

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined...

2.3CVSS5.8AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 7:37 a.m.8 views

CVE-2026-44911

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined...

2.3CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 7:37 a.m.20 views

CVE-2026-44911

CVE-2026-44911 affects Apache NiFi 1.15.0–2.9.0 where authorization for component configuration verification requests is insufficient: users with read access can submit proposed configuration properties, potentially overriding current settings and invoking verification methods with altered parame...

6.3CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/19 1:41 p.m.23 views

CVE-2026-12104

Bondix by SIMA GmbH (Linux) up to version 1.25.7.5 is affected by an authenticated OS command injection in environment and tunnel configuration handling. An attacker with configuration write access can pass crafted values to server-side scripts to execute arbitrary OS commands. The vulnerability ...

8.6CVSS6.2AI score0.01098EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in musl

In musl libc through 1.2.1, wcsnrtombs mishandles certain combinations of destination buffer size and source character limit, as demonstrated by an invalid write access buffer overflow...

5.5CVSS7.3AI score0.00644EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.17 views

Astra Linux – Vulnerability in Tomcat9

The “Time-of-check Time-of-use” TOCTOU race condition vulnerability during JSP compilation in Apache Tomcat allows for a race condition on case-insensitive file systems when the default servlet is enabled for writing not in the default configuration. This issue affects Apache Tomcat versions from...

9.8CVSS8.4AI score0.43663EPSS
Exploits13References2
SUSE CVE
SUSE CVE
added 2026/06/19 2:1 a.m.10 views

SUSE CVE-2025-10263

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...

9.1CVSS5.2AI score0.00474EPSS
Exploits0References20
Cvelist
Cvelist
added 2026/06/18 8:47 p.m.18 views

CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 8:1 p.m.22 views

CVE-2026-49252

CVE-2026-49252 affects the deepstream server. Versions prior to 10.0.5 are vulnerable to Prototype Pollution , with exploitation leading to potential privilege escalation by any authenticated user with write permission to any record. The issue is fixed in version 10.0.5 . Affected product: deepst...

9.9CVSS5.2AI score0.0027EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/18 6:50 a.m.8 views

Authorization Bypass

Spring Data REST is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of write-access restrictions in the JSON Patch application/json-patch+json implementation, where intermediate path segments in multi-segment JSON Pointer expressions are not subjected to...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50795

Name of the Vulnerable Software and Affected Versions mcp-pinot versions prior to 3.1.0 Description mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. The software defaults to running an HTTP MCP server bound to 0.0.0.0:8080 without authentication. Th...

10CVSS5.9AI score0.00498EPSS
Exploits0References15
OSV
OSV
added 2026/06/17 6:56 p.m.5 views

DRUPAL-CORE-2026-005

SA-CORE-2019-003 added protection for fields that store serialized data to disallow direct writes via web services. The above fix did not cover all potential attack vectors for JSON:API. An attacker with appropriate JSON:API write permission could potentially inject a malicious payload in certain...

5.8AI score
Exploits0References1
CVE
CVE
added 2026/06/17 2:27 p.m.26 views

CVE-2026-12528

Affected software/component: 389 Directory Server, in function __aclp__normalize_acltxt() of aclparse.c. Issue: malformed ACI strings can trigger heap-buffer-overflow writes and reads during ACI parsing; the keyword length after whitespace stripping is not validated, causing 1-byte out-of-bounds ...

5.4CVSS5.3AI score0.00226EPSS
Exploits0References3Affected Software3
Cvelist
Cvelist
added 2026/06/17 2:27 p.m.23 views

CVE-2026-12528 389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__normalize_acltxt()

A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...

5.4CVSS0.00226EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 2:27 p.m.7 views

CVE-2026-12528

A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...

5.4CVSS5.8AI score0.00226EPSS
Exploits0
Rows per page
Query Builder