59915 matches found
SUSE CVE-2026-1933
A flaw was found in Samba's handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...
SUSE CVE-2026-2340
A flaw was found in Samba's vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via unsanitized input in the prefix, postfix, or dir parameters during path construction. An attacker can create files outside the intended temporary directory, potentially overwriting or placing files in sensitive...
PT-2026-43583
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...
PT-2026-43693
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ntfs3 file system where new folios are not properly initialized before use. This occurs when new folios are allocated without being marked as uptodate and the ni...
Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
Exploit Title: Casdoor 3.54.1 - Arbitrary File Write via Path Traversal Date: 2026-05-11 Exploit Author: sixpain Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor Version: 3.54.1 Tested on: Linux / Docker CVE : CVE-2026-6815 """ Casdoor Arbitrary File Write /...
Realtek rtl819x - Local Privilege
Exploit Title: Realtek rtl819x - Local Privilege Escalation Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.realtek.com Software Link: https://github.com/iptime-gpl/userappsn104qi representative GPL release Version: Realtek rtl819x Jungle SDK, all known versions throug...
PT-2026-43578
Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description A path traversal issue exists in the Archiving Pull functionality. This occurs when there is an improper...
PT-2026-43591
Name of the Vulnerable Software and Affected Versions Synology Assistant versions prior to 7.0.6-50085 Description An origin validation error allows local users to write arbitrary files with restricted content during the installation process. Recommendations Update to version 7.0.6-50085 or later...
PT-2026-43581
Name of the Vulnerable Software and Affected Versions Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 Description An improper preservation of permissions issue exists in the Archiving Push functionality. This allows remote...
PT-2026-43590
Name of the Vulnerable Software and Affected Versions Synology Active Backup for Business Agent versions prior to 3.1.0-4967 Description An origin validation error occurs during installation, which allows local users to write arbitrary files containing restricted content. Recommendations Update t...
PT-2026-43584
Name of the Vulnerable Software and Affected Versions Synology Contacts versions prior to 1.0.10-20659 Description Improper neutralization of input during web page generation leads to a Cross-site Scripting XSS issue in the contact functionality. This allows remote authenticated users to read or...
PT-2026-43748
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the svs enable debug write function. The buf variable, which is allocated by memdup user nul, is not properly released if the kstrtoint function fails...
PT-2026-44001
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS allow origins="...
PT-2026-44155
TL;DR This vulnerability affects all Kirby sites that allow the use of the link: … KirbyTag, the link: parameter of the image: … KirbyTag, the built-in image block with a link or the HTML importer for blocks, when content is authored by users who may not be fully trusted. The attack requires an...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that when allocating new folios in ntfscompresswrite, it does not mark them as uptodate...
PT-2026-44615
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds write occurs in the GPU, which allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...
PT-2026-44681
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out-of-bounds write exists in the V8 JavaScript engine, which is the component responsible for compiling and executing JavaScript code. This issue stems from a JIT Just-In-Time loop...
PT-2026-44675
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds write in the GPU allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used to break out of a...
PT-2026-44683
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description An out of bounds read and write issue exists in ANGLE. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a...