5147 matches found
CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-4135
CVE-2026-4135 concerns Lenovo Software Fix. The description indicates that during installation, a local authenticated user could perform an arbitrary file write with elevated privileges, potentially impacting integrity and availability. Affected component is Lenovo Software Fix (no version detail...
CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-4135
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-0827
CVE-2026-0827 concerns Lenovo Diagnostics and the HardwareScanAddin in Lenovo Vantage. The issue, discovered during internal testing, could allow a local authenticated user to perform arbitrary file writes with elevated privileges during installation or while running a hardware scan. The availabl...
CVE-2026-0827
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...
CVE-2026-0827
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...
CVE-2026-0827
During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware scan, could allow a local authenticated user to perform an arbitrary file write with elevated...
CVE-2026-40090
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...
PT-2026-33056
Name of the Vulnerable Software and Affected Versions Lenovo Diagnostics affected versions not specified Lenovo Vantage HardwareScanAddin affected versions not specified Description An issue exists in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage. During installation or whil...
Lenovo Diagnostics 安全漏洞
Lenovo Diagnostics is a tool developed by Lenovo Corporation for scanning and diagnosing hardware faults on Lenovo computers. This tool helps users scan their computers, identify issues with the system, and repair them. Lenovo Diagnostics can also assist users in resolving various computer proble...
PT-2026-33060
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges...
CVE-2026-40090 Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...
CVE-2026-40090 Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write
Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...
CVE-2026-40090
Zarf (Airgap Native Packager Manager for Kubernetes) versions 0.23.0–0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation commands. The vulnerability arises because output file paths are constructed by joining a user-controll...
CVE-2026-35031
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...
WWBN AVideo has a Path Traversal in Locale Save Endpoint Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)
Summary The locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via fwrite at line 40. An admin attacker or any user who can CSRF an...
EUVD-2026-22814
Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write...