curl: curl External-Controlled Filename in `--url @file` Leads to Arbitrary File Overwrite

Vulnerability Report: curl External-Controlled Filename in --url @file Leads to Arbitrary File Overwrite 1. Product Overview curl is a widely used command-line tool and library libcurl for transferring data with URL syntax across multiple protocols such as HTTP, HTTPS, and FTP. It is preinstalled...

Security Updates for Microsoft Word Products (May 2026)

The Microsoft Word Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - Access of resource using incompatible type 'type confusion' in Microsoft Office Word allows an unauthorized attacker to execute code locally. CVE-2026-40364 - Use after free in...

The vulnerability of the WebDAV protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WebDAV protocol implementation in Windows operating systems is related to the loading of files of a dangerous type due to improper external control of the name or file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code when a user accesses a...

PlexTrac 安全漏洞

PlexTrac is a penetration test reporting and management platform from the US-based PlexTrac, Inc. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1, which stems from the presence of a filename or path external control vulnerability that allows an attacker to achie...