CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

PT-2026-26162

Name of the Vulnerable Software and Affected Versions MLflow affected versions not specified Description A flaw exists in the pyfunc extraction process within MLflow that can allow for arbitrary file writes. This occurs because of inadequate handling of entries within tar archives, specifically...

CTFd 安全漏洞

CTFd is an open-source Capture The Flag framework developed by CTFd. A security vulnerability exists in the version 3.8.1-18-gdb5a18c4 of CTFd. This vulnerability stems from a ZIP Slip issue in the administrator import function, which may allow attackers to write arbitrary files into directories...

PT-2026-26159

Reported: 2026-03-08 Status: patched and released in version 3.5.3 of @apostrophecms/import-export --- Product | Field | Value | |---|---| | Repository | apostrophecms/apostrophe monorepo | | Affected Package | @apostrophecms/import-export | | Affected File |...

jenkins -- multiple vulnerabilities

Jenkins Security Advisory 2026-03-18: SECURITY-3657 / CVE-2026-33001: Arbitrary file write vulnerability through specially crafted archives in Jenkins High SECURITY-3674 / CVE-2026-33002: DNS rebinding vulnerability in WebSocket CLI origin validation in Jenkins High...

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu media download process failing to properly filter special elements in the path of a resource or file, which can be exploited by a...

Romeo 路径遍历漏洞

Romeo is an open-source Go application code coverage calculation tool developed by CTFer.io. Versions of Romeo prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from defects in the path traversal checks, which could lead to arbitrary file writing...

OpenClaw 后置链接漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path restriction bypass vulnerability that can be exploited by an attacker to write a file to an arbitrary location...

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVE-2026-32297

The CVE-2026-32297 entry concerns the Angeet ES3 KVM. It describes a remote, unauthenticated condition whereby an attacker can write arbitrary files, including configuration files or system binaries, enabling potential complete system compromise. According to the metrics, CVSS v3.1 indicates high...

CVE-2026-32297 Angeet ES3 KVM unauthenticated arbitrary file write

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

Exploit for Path Traversal in Python Setuptools

HackTheBox - VariaType Machine Writeup !HTBhttps://img.shie...

PT-2026-35967

Name of the Vulnerable Software and Affected Versions Wazuh versions 4.4.0 through 4.14.3 Description A path traversal issue exists in the cluster synchronization extraction routine, specifically within the decompress files function. This allows an authenticated cluster peer to write arbitrary...

📄 WordPress WPvivid 0.9.123 Arbitrary File Write

This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...

SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write

Summary POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. Details...

GHSA-QVVF-Q994-X79V SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write

Summary POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. Details...

SUSE CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...