
20825 matches found

EUVD
added 2026/02/26 6:30 a.m., 7 views

EUVD-2026-8833

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path...

8.8 CVSS, 6.1 AI score, 0.00734 EPSS
Exploits: 1, References: 4
Snyk
added 2026/02/26 6:18 a.m., 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fullPath function in the builtinbackupengine.go file. An attacker can write files to arbitrary locations on the file system by manipulating backup manifest files if they have read/write access to the backup...

9.3 CVSS, 7.7 AI score, 0.00402 EPSS
Exploits: 0, References: 2
NVD
added 2026/02/26 5:17 a.m., 9 views

CVE-2026-1311

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path...

8.8 CVSS, 0.00734 EPSS
Exploits: 1, References: 3
ATTACKERKB
added 2026/02/26 4:36 a.m., 4 views

CVE-2026-1311

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path...

8.8 CVSS, 6.1 AI score, 0.00734 EPSS
Exploits: 1, References: 4
Vulnrichment
added 2026/02/26 4:36 a.m., 6 views

CVE-2026-1311 Worry Proof Backup <= 0.2.4 - Authenticated (Subscriber+) Path Traversal via Backup Upload

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path...

8.8 CVSS, 6.1 AI score, 0.00734 EPSS
Exploits: 1, References: 3
Cvelist
added 2026/02/26 4:36 a.m., 21 views

CVE-2026-1311 Worry Proof Backup <= 0.2.4 - Authenticated (Subscriber+) Path Traversal via Backup Upload

The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path...

8.8 CVSS, 0.00734 EPSS
Exploits: 1, References: 3
CVE
added 2026/02/26 4:36 a.m., 17 views

CVE-2026-1311

The CVE-2026-1311 entry details a path traversal vulnerability in the Worry Proof Backup WordPress plugin (versions up to 0.2.4). Eligible: authenticated users with Subscriber-level access and above can upload a crafted ZIP via the backup upload function to write arbitrary files on the server, in...

8.8 CVSS, 6.1 AI score, 0.00734 EPSS
Exploits: 1, References: 3
IBM Security Bulletins
added 2026/02/26 4:30 a.m., 9 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest update to IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2025-39697 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updati...

9.1 CVSS, 7 AI score, 0.09353 EPSS
Exploits: 3, Affected Software: 1
SUSE CVE
added 2026/02/26 12:24 a.m., 2 views

SUSE CVE-2026-27587

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...

9.1 CVSS, 5.8 AI score, 0.0037 EPSS
Exploits: 1, References: 4
SUSE CVE
added 2026/02/26 12:24 a.m., 1 views

SUSE CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

8.8 CVSS, 6 AI score, 0.01195 EPSS
Exploits: 1, References: 9
NVD
added 2026/02/26 12:16 a.m., 8 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.5 CVSS, 0.00287 EPSS
Exploits: 0, References: 2
NVD
added 2026/02/26 12:16 a.m., 4 views

CVE-2026-27800

Zed, a code editor, has a Zip Slip Path Traversal vulnerability in its extension archive extraction functionality prior to version 0.224.4. The extractzip function in crates/util/src/archive.rs fails to validate ZIP entry filenames for path traversal sequences (e.g., ../). This allows a...

7.4 CVSS, 0.0029 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/02/26 12:0 a.m., 6 views

PT-2026-22204

Name of the Vulnerable Software and Affected Versions wger versions prior to 2.4 Description The software contains a flaw where routine detail action endpoints check a cache before verifying object ownership using self.get object. Cache keys are scoped only by the primary key pk and do not includ...

3.1 CVSS, 6 AI score, 0.00245 EPSS
Exploits: 1, References: 6
CNNVD
added 2026/02/26 12:0 a.m., 4 views

Zed Path Traversal Vulnerability

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.224.4 contained a path traversal vulnerability. This vulnerability stemmed from the extension’s archive extraction function, which did not validate the path traversal sequences in the filenames of ZIP archives, potential...

7.4 CVSS, 6 AI score, 0.0029 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/02/26 12:0 a.m., 4 views

gvfs Injection Vulnerability

GVFS is a GNOME open-source virtual file system. GVFS has a vulnerability that stems from insufficient validation of file path inputs containing carriage return sequences, which could lead to the execution of arbitrary code or other serious issues...

4.3 CVSS, 7.6 AI score, 0.0036 EPSS
Exploits: 2, References: 2
Positive Technologies
added 2026/02/26 12:0 a.m., 5 views

PT-2026-22121

Name of the Vulnerable Software and Affected Versions Worry Proof Backup versions up to and including 0.2.4 Description The Worry Proof Backup plugin for WordPress is susceptible to a path traversal issue in all versions up to and including 0.2.4 through the backup upload functionality...

8.8 CVSS, 6.5 AI score, 0.00734 EPSS
Exploits: 1, References: 11
Tenable Nessus
added 2026/02/26 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-27606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current...

9.8 CVSS, 7.3 AI score, 0.01195 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2026/02/25 11:45 p.m., 2 views

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4 CVSS, 5.9 AI score, 0.00287 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/25 11:45 p.m., 6 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4 CVSS, 5.7 AI score, 0.00287 EPSS
Exploits: 0, References: 3, Affected Software: 1