CVE-2026-25656

CVE-2026-25656 affects SINEC NMS User Management Component (UMC) across all versions and all SINEC NMS deployments where UMC is

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

Directory Traversal

Overview github.com/alist-org/alist/v3/server/handles is a file listing program powered by Gin and Solidjs Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied path components in file operation handlers. An attacker can gain unauthorized access to, modify, or delete files belonging to other users by injecting traversal sequences into...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003384)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003384 advisory. An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003147)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003147 advisory. An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in...

CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...

OESA-2026-1008 crun security update

crun is a fast and low-memory footprint OCI Container Runtime fully written in C. Security Fixes: crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creatio...

CVE-2021-33639

REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified...

CVE-2022-23143

ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files...

CVE-2022-23455

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files...

CVE-2020-7119

A vulnerability exists in the Aruba Analytics and Location Engine ALE web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as an underlying privileged operating system user...

CVE-2025-40592

A vulnerability has been identified in Mendix Studio Pro 10 All versions V10.23.0, Mendix Studio Pro 10.12 All versions V10.12.17, Mendix Studio Pro 10.18 All versions V10.18.7, Mendix Studio Pro 10.6 All versions V10.6.24, Mendix Studio Pro 11 All versions V11.0.0, Mendix Studio Pro 8 All versio...

CVE-1999-0959

IRIX startmidi program allows local users to modify arbitrary files via a symlink attack...

CVE-1999-0702

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability...

CVE-1999-0765

SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor...

CVE-1999-0761

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program...

CVE-2025-1056

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version...

PT-2026-28510

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, has an issue in its API for retrieving VM screenshots. This API uses a temporary file for QEMU to write the screenshot to, which is then sent to...