CVE-2026-39276

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

Directory Traversal

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Directory Traversal via the dashboard management functionality. An attacker can cause unauthorized deletion of user accounts or...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the validatepathelementntfs function. An attacker can write arbitrary files and potentially execute code in the victim's user context by crafting malicious Git repositories with NTFS-hostile tree entries that are...

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.6.21 shipped with IBM Cloud Pak for Business Automation iFixes for April 2026

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation April 2026 security fixes update this dependency beyond 4.6.21 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2024-45310 DESCRIPTION: runc is a C...

CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

CVE-2026-10044

Usagi-org ai-goofish-monitor on Windows is affected by an unauthenticated arbitrary file read via GET /api/prompts/{filename}. The vulnerability arises from an incomplete path traversal guard that blocks only forward slashes and '..'; attackers can supply absolute Windows paths or backslash-based...

Directory Traversal

Overview shamefile is a Turn linter suppressions from silent technical debt into reviewable, documented decisions. Affected versions of this package are vulnerable to Directory Traversal via the shame next process when processing a user-controlled shamefile.yaml. An attacker can disclose the...

Directory Traversal

Overview shamefile is an A cli tool to enforce documentation for code suppressions Affected versions of this package are vulnerable to Directory Traversal via the shame next process when processing a user-controlled shamefile.yaml. An attacker can disclose the contents of files outside the intend...

Kibana 8.19.16 and 9.3.5 Security Update (ESA-2026-30)

Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrat...

External Control of File Name or Path

Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to External Control of File Name or Path via the -o/--output argument in the trestle author jinja. An attacker can overwrite arbitra...

GHSA-MJ4X-VF5C-5XG8 compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

Directory Traversal

Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Directory Traversal via the profile import mechanism. An attacker can read arbitrary files on the server filesystem by supplying ...

compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal

Summary The compliance-trestle library's profile import mechanism resolves trestle:// URIs and relative file paths by joining them with trestleroot and calling .resolve, but performs no boundary check to ensure the resolved path stays within the trestle workspace. An attacker can craft a maliciou...

RLSA-2026:19366 Important: python-markdown security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

python-markdown security update

An update is available for python-markdown. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

USN-8338-1 apache2 vulnerabilities

It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...

USN-8338-1: Apache HTTP Server vulnerabilities

It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...