24 matches found

Tenable Nessus
added 4 days ago | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-42317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary...

CVSS: 7 | AI score: 5.7 | EPSS: 0.00058
Exploits: 0 | References: 2

NVD
added 5 days ago | 5 views

CVE-2026-42317

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS: 7 | EPSS: 0.00058
Exploits: 0 | References: 1

CVE
added 5 days ago | 8 views

CVE-2026-42317

Product: GLPI
Vulnerability: Arbitrary files deletion by a technician
Affected versions: from 0.78 up to, but not including, 10.0.25 and 11.0.7
Root cause/condition: Webserver must have write rights on the target files; a logged-in technician can delete arbitrary files from the filesystem
Impact (as ...

CVSS: 7 | AI score: 5.9 | EPSS: 0.00058
Exploits: 0 | References: 1

Cvelist
added 5 days ago | 33 views

CVE-2026-42317 GLPI vulnerable to arbitrary files deletion by technician

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS: 7 | EPSS: 0.00058
Exploits: 0 | References: 1

EUVD
added 5 days ago | 7 views

EUVD-2026-34105

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS: 7 | AI score: 5.9 | EPSS: 0.00058
Exploits: 0 | References: 1

Positive Technologies
added 5 days ago | 6 views

PT-2026-45956

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

CVSS: 7 | AI score: 5.9 | EPSS: 0.00058
Exploits: 0 | References: 2

OSV
added 2026/05/27 2:16 p.m. | 3 views

ALPINE-CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00056
Exploits: 0 | References: 1

OSV
added 2026/05/19 8:53 a.m. | 3 views

BIT-MONGODB-2026-8053 FlatBSON Duplicate Field Index Drift

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00093
Exploits: 1 | References: 2

CNNVD
added 2026/05/08 12:00 a.m. | 7 views

1C-Bitrix Security Vulnerability

1C-Bitrix is a website platform system developed by the Russian company 1C-Bitrix. It integrates content management, e-commerce, and enterprise portal functions. Versions of 1C-Bitrix 25.100.500 and earlier contained security vulnerabilities. These vulnerabilities stemmed from users with the RIGH...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.00045
Exploits: 4 | References: 1

NVD
added 2026/04/28 7:37 p.m. | 0 views

CVE-2026-41379

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Talk Voice configuration persistence. Attackers with operator.write privileges can exploit the chat.send endpoint to reach and modify sensitive voi...

CVSS: 7.1 | EPSS: 0.00028
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/23 9:58 p.m. | 3 views

CVE-2026-41359

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.0003
Exploits: 0 | References: 4

NVD
added 2026/04/15 4:16 p.m. | 1 views

CVE-2026-20203

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on...

CVSS: 4.3 | EPSS: 0.00036
Exploits: 0 | References: 1

SUSE CVE
added 2026/03/07 12:26 a.m. | 1 views

SUSE CVE-2026-23925

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 3

EUVD
added 2026/03/06 9:31 a.m. | 4 views

EUVD-2026-10026

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00015
Exploits: 0 | References: 2

Cvelist
added 2026/03/06 8:24 a.m. | 27 views

CVE-2026-23925 Unauthorized host creation via configuration.import API by low-privilege user with write permissions

An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

CVSS: 5.1 | EPSS: 0.00015
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/06 12:00 a.m. | 3 views

PT-2026-23666

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified)
Description: A Zabbix user with the 'User' role and template/host write permissions can create objects using the configuration.import API. This can result in unauthorized hosts being created, leading to...

CVSS: 8.1 | AI score: 5.5 | EPSS: 0.00015
Exploits: 0 | References: 19

Snyk
added 2026/01/13 1:03 p.m. | 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by bypassing field-level access checks during record creation, provided the user...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00014
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 5:38 a.m. | 5 views

CVE-2023-26479

XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages become unusable, including the user index if the page containing the faulty content is a user page and t...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.00276
Exploits: 1 | References: 1

BDU FSTEC
added 2024/09/16 12:00 a.m. | 0 views

The vulnerability of the validation component of the Aurora operating system, related to the lack of control over public rights to write the installed application files, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the validation component of the “Aurora” operating system is related to the lack of control over public rights to write the files that are installed by applications. Exploiting this vulnerability can lead to violations of data confidentiality, integrity, and accessibility...

CVSS: 4 | AI score: 5.5
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2023/10/14 12:00 a.m. | 1 views

Apache Airflow Security Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other characteristics. Apache Airflow suffers from an authorization issue vulnerability that stems from...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00582
Exploits: 0 | References: 4