44412 matches found
WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by endy in WordPress Plugin WP User Manager versions = 2.9.16...
USN-8394-1 yard vulnerability
It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...
CVE-2026-10732
All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...
BIT-AIRFLOW-2026-40861 Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler
A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...
EUVD-2026-34785
All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...
CVE-2026-10732
All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...
CVE-2026-10732
All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...
CVE-2026-10732
All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...
CVE-2026-10732
The CVE-2026-10732 entry affects the npm package decompress . It describes Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP with two entries sharing a path, where the first is a symlink to an arbitrary target and the second is a regular file. The file content can be wr...
CVE-2026-50590
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
CVE-2026-50590
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
CVE-2026-50590
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
EUVD-2026-34777
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
CVE-2026-50590
Mimecast Incydr vulnerability CVE-2026-50590 affects versions before 2.6.0, enabling arbitrary file access. The provided documents do not specify the underlying root cause, affected components, or a remediation. No exploitation details are given. Action: monitor for updates and vendor advisories ...
CVE-2026-50590
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
RLSA-2026:21755 Important: flatpak security update
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...
PT-2026-47060
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...
Markdown Preview Enhanced 安全漏洞
Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained security vulnerabilities. These vulnerabilities stemmed from the use of eval to parse WaveDrom expressions in untrusted markdown content, which...
PT-2026-46896
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
Mimecast Incydr 安全漏洞
Mimecast Incydr is a cloud-native internal risk management and data protection platform developed by Mimecast Corporation in the United States. Versions of Mimecast Incydr prior to version 2.6.0 contained security vulnerabilities that could lead to arbitrary file access...