25 matches found
Exploit for Path Traversal in Apple Safari
CVE-2026-20660 PoC Bundle This folder packages a standalone p...
CVE-2026-20660
creationtimestamp | type | source
---|---|---
2026-02-13 10:15:36+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3meqblguz4y2m
2026-03-25 03:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260325
2026-03-26 03:00:12+00:00 |...
CVE-2026-20660
A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A remote user may be able to write arbitrary files...
About the security content of macOS Sonoma 14.8.4
About the security content of macOS Sonoma 14.8.4 This document describes the security content of macOS Sonoma 14.8.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...
CVE-2023-20660
In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383...
CVE-2025-20660
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186...
CVE-2025-20660
CVE-2025-20660 : In PlayReady TA, a missing bounds check enables an out-of-bounds read that can lead to local privilege escalation when the attacker already has System privileges. The issue does not require user interaction. A patch is available (Patch ID: DTV04436357; MSV-3186). Exploitation sta...
CVE-2025-20660
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186...
CVE-2023-42103
Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit...
CVE-2023-42103 Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit...
CVE-2023-42103
Ashlar-Vellum Cobalt AR File Parsing Use-After-Free allows remote code execution via AR file parsing. The flaw stems from not validating the existence of an object before performing operations, enabling code execution in the current process. Exploitation requires user interaction (visiting a mali...
CVE-2024-20660
Microsoft Message Queuing Information Disclosure Vulnerability...
CVE-2024-20660
CVE-2024-20660 concerns Microsoft Message Queuing (MSMQ) with an information disclosure vulnerability. Connected CNVD-2024-04951 states MSMQ contains a heap memory information disclosure vulnerability that an attacker could exploit to obtain sensitive data. The NVD entry for CVE-2024-20660 lists ...
CVE-2024-20660 Microsoft Message Queuing Information Disclosure Vulnerability
...
KB5034184: Windows Server 2012 Security Update (January 2024)
The remote Windows host is missing security update 5034184. It is, therefore, affected by multiple vulnerabilities - Microsoft ODBC Driver Remote Code Execution Vulnerability CVE-2024-20654 - Windows Kerberos Security Feature Bypass Vulnerability CVE-2024-20674 - Windows Group Policy Elevation of...
CVE-2023-20660
In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383...
CVE-2023-20660
CVE-2023-20660 affects the WLAN component in MediaTek devices, with an out-of-bounds read caused by an integer overflow that can lead to local information disclosure. Exploitation requires SYSTEM-level privileges, and no user interaction is needed. A patch is referenced (ALPS07588383 / ALPS075883...
CVE-2022-29299
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2022-29301
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
Cisco IP Phone Cleartext Password Storage Vulnerability
Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 suffer from an insecure password storage vulnerability. ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832,...