105155 matches found
CVE-2026-12979
CVE-2026-12979 affects the FunnelKit WordPress plugin (before 3.15.0.6). The issue arises during template import: it does not validate a user-supplied path before deleting a file, allowing an administrator to perform path traversal and delete arbitrary .json files outside the intended directory, ...
CVE-2026-15925
The CVE-2026-15925 entry describes an Improper TLS hostname verification vulnerability in Snowflake Connector for Python and affects versions prior to 4.7.1. An on-path attacker who can intercept traffic could bypass hostname validation during HTTPS connections by presenting a certificate from an...
CVE-2026-55445
Qinglong vulnerability CVE-2026-55445: Before 2.20.1, the init guard in back/loaders/express.ts checked /api/user/init but not /open/user/init. After a subsequent rewrite of /open/* to /api/$1 (post-auth), an unauthenticated attacker could issue PUT /open/user/init to reset the administrator cred...
CVE-2026-62314
Anubis Web AI Firewall Utility vulnerable in versions 1.22.0–1.26.0-pre1 due to PathChecker.Check() trusting the client-controlled X-Original-URI header before r.URL.Path, enabling bypass of the challenge via ALLOW rules (e.g., ^/.well-known/.*$). A fixed release is 1.26.0-pre1; upgrade to mitiga...
CVE-2026-15921
The CVE-2026-15921 issue affects Node Version Manager (nvm) up to v0.40.5, where nvm ls-remote and similar commands parse the mirror index.tab and use each LTS codename as an alias filename without validation. A malicious mirror can return path-traversal codenames (e.g., ../../../.bashrc), causin...
CVE-2026-15921 nvm path traversal via a malicious mirror's LTS codename writes outside the alias directory
Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...
CVE-2026-52890
CVE-2026-52890 affects Wekan (open-source Kanban, Meteor-based) before version 9.31. A logged-in board member can insert an attachment via the DDP /attachments/insert method using attacker-controlled versions.original.path and versions.original.storage. The insert rule checks only board write acc...
CVE-2026-49353
Summary (CVE-2026-49353): 9Router before 0.4.46 has a local‑only access gate in src/dashboardGuard.js that relies on Host and Origin headers to classify requests as local. In proxied/tunneled deployments (reverse proxy, Cloudflare Tunnel, Tailscale), these headers are attacker‑controlled, enablin...
CVE-2026-45533
DataEase prior to 2.10.23 contains a path traversal vulnerability in the export-center bulk delete API. Maliciously crafted identifiers can be passed to ExportCenterManage.delete using sequences like ../, enabling recursive deletion of arbitrary server directories during export task cleanup. Impa...
CVE-2026-40952
CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...
CVE-2026-50030
DataEase prior to 2.10.23 exposes the SQL preview path (DatasetDataApi.previewSql/previewSqlCheck) via /de2api/datasetData/previewSql, accepting PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross. The system stores decoded SQL in datasourceRequest.query and CalciteProvider.f...
CVE-2026-45419
DataEase contains an arbitrary file write vulnerability present before version 2.10.23. The flaw resides in template handling: the TemplateManageService#save, StaticResourceServer#saveFilesToServe methods and the /de2api/templateManage/save endpoint accept attacker-controlled staticResource names...
CVE-2026-62947
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...
EUVD-2026-44763
The PackagerResolver of Apache Ivy is able to download online artifacts and to repackage them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on...
CVE-2026-26032
Summary of CVE-2026-26032 (Apache Ivy): The PackagerResolver can repack downloaded artifacts via an Ant script in a subdirectory of buildRoot. If any Ivy coordinates contain "../" sequences, an attacker who can access a packager repository can escape the buildRoot and overwrite other files. The i...
CVE-2026-20297
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...
CVE-2026-62947 OpenWrt: ACL bypass and arbitrary root file read via cgi-io cgi-download
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...
EUVD-2026-44756
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...
CVE-2026-62947
CVE-2026-62947 affects OpenWrt prior to 25.12.5 through the cgi-download handler in cgi-io, where the requested path is validated against the caller’s ubus session file ACL before canonicalization. The rpcd session.c uses fnmatch() without FNM_PATHNAME, enabling traversal such as an allowed wildc...
EUVD-2026-44736
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the editlocalapps and installapps capabilities could cause a legitimate app...