PT-2026-43311

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...

CVE-2026-48693

CVE-2026-48693 concerns the FastNetMon Community Edition up to 1.2.9. The issue is a local symlink attack due to predictable file paths in /tmp, notably the default statistics file at '/tmp/fastnetmon.dat'. The vulnerable code path opens this path with std::ios::trunc without following symlinks o...

Linux Distros Unpatched Vulnerability : CVE-2026-48847

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass...

PT-2026-43253

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

CVE-2026-48847

Roundcube Webmail is affected in versions 1.6.x before 1.6.16 and 1.7.x before 1.7.1. The issue allows pre-authentication arbitrary file deletion via Redis/Memcache session poisoning bypass. The CVE notes a low-severity impact (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) with exploitation possible over ...

USN-8302-1: NLTK vulnerabilities

It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-0846 It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...

EUVD-2018-21885

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

Exploit for Infinite Loop in Dbgpt Db-Gpt

POCCVE-2024-36420 Local reproduction lab and nuclei template...

PCViewer 路径遍历漏洞

PCViewer is a folder manager from PCViewer, Inc. A path traversal vulnerability exists in PCViewer version vt1000, which stems from directory traversal and could allow an unauthenticated attacker to read arbitrary files by submitting a sequence of relative paths via a GET request...

Kenik Camera management Panel 路径遍历漏洞

Kenik Camera management Panel is a video surveillance management platform from Kenik. A path traversal vulnerability exists in Kenik Camera management Panel, which stems from a path traversal issue that could allow an unauthenticated attacker to send a GET request with an arbitrary file path to...

Softneta MedDream PACS Server Premium 路径遍历漏洞

Softneta MedDream PACS Server Premium is a medical image storage and reading platform from Softneta. A path traversal vulnerability exists in Softneta MedDream PACS Server Premium version 6.7.1.1, which originates from a directory traversal and could allow an unauthenticated attacker to read...

ROS-20260524-73-0044

A vulnerability in the Jenkins Automation Server is related to incorrect symbolic link detection prior to file access during .tar and .tar.gz archive extraction. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...

CVE-2018-25353 Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

CVE-2018-25353 Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the...

Exploit for CVE-2026-6960

CVE-2026-6960 — BookingPress Pro ≤ 5.6 | Unauthenticated Arbit...

Yakamara Media Redaxo CMS Mediapool Addon 安全漏洞

Yakamara Media Redaxo CMS Mediapool Addon is an extension for media resource management within the REDAXO content management system developed by Yakamara Media. Versions of Yakamara Media Redaxo CMS Mediapool Addon prior to version 5.5.1 contained security vulnerabilities. These vulnerabilities...

WordPress BookingPress Appointment Booking Pro plugin <= 5.6 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by h0xilo in WordPress Plugin BookingPress Appointment Booking Pro versions = 5.6...

Unity Linux 20.1070e Security Update: mojarra (UTSA-2026-016756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016756 advisory. Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Tenable has extracted the...

VulnCheck KEV: CVE-2017-7577

XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request...

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-fstream (UTSA-2026-016675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016675 advisory. fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file th...