CVE-2026-30281

An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-30286

CVE-2026-30286 : An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Cloud v32.0.2026011614 allows an attacker to overwrite critical internal files via the file import process, potentially yielding arbitrary code execution or information exposure. Affected component: the Zefiro Clo...

PT-2026-29301

Name of the Vulnerable Software and Affected Versions UXGROUP LLC Cast to TV Screen Mirroring version 2.2.77 Description A file overwrite issue exists in UXGROUP LLC Cast to TV Screen Mirroring version 2.2.77. Attackers can overwrite critical internal files through the file import process. This...

FLY is FUN Aviation Navigation 安全漏洞

FLY is FUN Aviation Navigation is a flight navigation and chart browsing application developed by the Czech company FLY is FUN. Version v35.33 of FLY is FUN Aviation Navigation contains a security vulnerability. This vulnerability stems from an issue with file import processes, where arbitrary...

InTouch Contacts & Caller ID 安全漏洞

InTouch Contacts & Caller ID is a communication management app developed by the Indian company InTouch. It provides features for backup of contacts, synchronization, and caller identification. Version 6.38.1 of InTouch Contacts & Caller ID contains a security vulnerability. This vulnerability ste...

CVE-2026-30290

An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

PT-2026-29329

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...

CVE-2026-30285

An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-30279

An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-30277

An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-30279

An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-30278

An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

PT-2026-29299

An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

UXGROUP Cast to TV Screen Mirroring 安全漏洞

UXGROUP Cast to TV Screen Mirroring is a feature of the UXGROUP company that allows for wireless screen mirroring of mobile device content onto large-screen televisions. Version 2.2.77 of UXGGROUP Cast to TV Screen Mirroring contains a security vulnerability. This vulnerability stems from an issu...

CVE-2026-30281

An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-30284

An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Summary A Path Traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server...

CVE-2025-15036

A flaw was found in mlflow. A path traversal vulnerability exists in the extractarchivetodir function, which is responsible for extracting archives. An attacker who can control the input tar.gz file can exploit this vulnerability due to insufficient validation of paths within the archive. This...

SUSE-SU-2026:20949-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253584. - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained a security vulnerability. This vulnerability stemmed from the lack of ownership checks for the/api/v1/retrieval/process/files/batch endpoint, which cou...