135 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: The issue of losing the “young/dirty” bits during the pagemap scan has been fixed. The function makeuffdwpwppte used to perform these operations was previously executed as follows: c pte = ptepgetptep;...
CVE-2026-44260
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...
Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass
Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses the...
GHSA-GV8P-48FR-4FXG Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass
Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses the...
PT-2026-46884
Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/ action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses th...
PT-2026-46864
Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/ action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses th...
SUSE CVE-2026-46121
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series "mm/damon/sysfs-schemes: fix use-after-free for memcgpath". Reads of 'memcgpath' and 'path' files in DAMON sysfs interface could race with their...
GO-2026-4953 goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs
goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protecting of L2 SPTEs in TDP MMU when clearing dirty status Check kvmmmupageadneedwriteprotect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. This ensures that the TDP MMU takes into...
PT-2026-42366
goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...
Nautobot: GitRepository.current_head field should not be writable through REST API
Impact A user with access to add/change a GitRepository record could use the REST API to directly set the currenthead field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clones of the relevant repository to checkout a commit other than the latest...
UBUNTU-CVE-2026-43434
In the Linux kernel, the following vulnerability has been resolved: rustbinder: check ownership before using vma When installing missing pages or zapping them, Rust Binder will look up the vma in the mm by address, and then call vminsertpage or zappagerangesingle. However, if the vma is closed an...
Missing Write Protection for Parametric Data Values
Overview Affected versions of this package are vulnerable to Missing Write Protection for Parametric Data Values through improper sanitization of the destination path in the rename process. An attacker can overwrite files outside the intended root directory by supplying crafted destination paths...
Missing Write Protection for Parametric Data Values
Overview Affected versions of this package are vulnerable to Missing Write Protection for Parametric Data Values through improper sanitization of the destination path in the rename process. An attacker can overwrite files outside the intended root directory by supplying crafted destination paths...
EUVD-2026-21589
goshs is Missing Write Protection for Parametric Data Values...
UBUNTU-CVE-2026-31397
In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: fix use of NULL folio in movepageshugepmd movepageshugepmd handles UFFDIOMOVE for both normal THPs and huge zero pages. For the huge zero page path, srcfolio is explicitly set to NULL, and is used as a sentinel to...
PT-2026-30272
Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.8.35 Description SandboxJS has a flaw where direct assignment to global objects is blocked, but this protection can be bypassed through a callable constructor path using this.constructor.calltarget, attackerObject...
CVE-2026-25965
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/ can be...
CVE-2026-25722
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protecti...
Claude Code Vulnerable to Command Injection via Directory Change Bypasses Write Protection
Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliabl...