CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

UBUNTU-CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

CVE-2026-48831

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...

CVE-2026-48831

CVE-2026-48831 concerns Wine, where a .desktop file registers as a MIME handler for EXE and other Windows executables. In certain configurations, handling an EXE can cause the file to be executed with the invoker’s permissions, enabling sandbox escapes for Flatpak and Snap, since MIME handlers ar...

EUVD-2021-34801

WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint with the...

PT-2026-36499

Name of the Vulnerable Software and Affected Versions WhatsApp for Windows versions prior to 2.3000.1032164386.258709 Description An attachment spoofing issue exists due to improper handling of hidden control characters in filenames. Specifically, the application fails to properly sanitize or...

CVE-2026-6844 Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files

A flaw was found in the readelf utility of the binutils package. A local attacker could exploit two Denial of Service DoS vulnerabilities by providing a specially crafted Executable and Linkable Format ELF file. One vulnerability, a resource exhaustion CWE-400, can lead to an out-of-memory...

CVE-2026-31843

The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...

CVE-2016-20056 Spy Emergency build 23.0.205 Unquoted Service Path Privilege Escalation

Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service...

OpenText Operations Agent 安全漏洞

OpenText Operations Agent is a software developed by OpenText Corporation in Canada, used for managing and monitoring OpenText products and solutions. Versions of OpenText Operations Agent prior to 12.29 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of...

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

EUVD-2016-10803

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

EUVD-2016-10805

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

ZKTeco ZKAccess Professional 安全漏洞

ZKTeco ZKAccess Professional is an access control software developed by ZKTeco Technology ZKTeco in China. Version 3.5.3 of ZKTeco ZKAccess Professional contains a security vulnerability. This vulnerability stems from insecure file permissions, which may allow verified users to elevate their...

PT-2026-25665

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with...

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...

CVE-2024-50620

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading...