PT-2026-32948

Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interactio...

Adobe Reader < 26.001.21431 Multiple Vulnerabilities (APSB26-44) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 26.001.21431. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object...

PT-2026-32921

ColdFusion | Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 CVE: CVE-2026-27305 PT ID: PT-2026-32921 Vendor: Adobe Product: ColdFusion CVSS: 8.6 Credits: n/a Description: ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of...

PT-2026-32957

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

PT-2026-32958

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.7 Description An unauthenticated arbitrary file read is possible via ffmpeg argument injection through the query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds lowercase...

Adobe Acrobat < 24.001.30365 / 26.001.21431 Multiple Vulnerabilities (APSB26-44) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 24.001.30365 or 26.001.21431. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled...

Adobe Acrobat < 24.001.30365 / 26.001.21431 Multiple Vulnerabilities (APSB26-44)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 24.001.30365 or 26.001.21431. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled...

APSB26-38 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2025 and 2023. These updates resolves critical and moderate vulnerabilities that could lead to arbitrary code execution, application denial-of-service, arbitrary file system read, and security feature bypass...

CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

CVE-2026-40042

Pachno 1.0.6 is affected by an XML External Entity (XXE) injection in the TextParser helper. The vulnerability allows unauthenticated attackers to read arbitrary files by crafting malicious XML entities via wiki table syntax and inline tags in issue descriptions, comments, and wiki articles, whic...

CVE-2026-40042 Pachno 1.0.6 Wiki TextParser XML External Entity Injection

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

📄 Redaxo 5.20.1 Path Traversal

Redaxo versions 5.20.1 and below suffer from a path traversal vulnerability. CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read Overview | Field | Details | |---|---| | CVE ID | CVE-2026-21857 | | Severity | HIGH | | Advisory | View Advisory | | Discovered by...

📄 Pachno 1.0.6 Wiki TextParser XML Injection

Pachno version 1.0.6 suffers from an XML eXternal Entity XXE vulnerability in the wiki textparser. Pachno 1.0.6 Wiki TextParser XXE Vulnerability Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboratio...

Pachno 安全漏洞

Pachno is an open-source collaboration platform developed by Pachno. Version 1.0.6 of Pachno contains a security vulnerability, which stems from insecure XML parsing. This vulnerability could allow unverified attackers to read arbitrary files...

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

Pachno 1.0.6 Wiki TextParser XXE Vulnerability

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

Exploit for Path Traversal in Redaxo

CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Lead...

Exploit for CVE-2026-22557

CVE-2026-22557 -- UniFi Network Application Pre-Auth Path Trav...

SUSE CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...