7 matches found
PT-2026-51308
Name of the Vulnerable Software and Affected Versions MISP core affected versions not specified Description Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...
CVE-2026-42809
Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...
GHSA-M8XG-8XG9-MXHM Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project
This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths PUT /api/projects/id, DELETE /api/projects and modify or delete any project along with all its...
Linux Distros Unpatched Vulnerability : CVE-2026-23472
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serial: core: fix infinite loop in handletx for PORTUNKNOWN uartwriteroom and uartwrite behave inconsistently when xmitbuf is NULL which happens for PORTUNKNOW...
unzip-stream allows Arbitrary File Write via artifact extraction
Impact When using the Extract method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to. Patches Fixed in 0.3.2 References - https://snyk.io/research/zip-slip-vulnerability - https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2 Credits Justin Taf...
CVE-2021-1107
NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAPIOCWRITE paths, where improper access controls may lead to code execution, complete denial of service, and seriously compromised integrity of all system components...
dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass
A flaw was found in dbus. The implementation of DBUSCOOKIESHA1 is susceptible to a symbolic link attack. A malicious client with write access to its own home directory could manipulate a /.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations resulting in an...