EUVD-2026-17180

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of URL-encoded traversal sequences in the backend process. An attacker can delete critical configuration directories by supplying specially crafted paths. Details A Directory Traversal...

GHSA-V9P7-GF3Q-H779 @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Summary A Path Traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server...

EUVD-2026-17069

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

tudo-exploits-oswe-prep

tudo-exploits-oswe-prep A project contains all exploits of vul...

CVE-2026-4415

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

CVE-2026-4415

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

CVE-2026-4415 GIGABYTE｜Gigabyte Control Center - Arbitrary File Write

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

CVE-2026-4415 GIGABYTE｜Gigabyte Control Center - Arbitrary File Write

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation...

CVE-2026-4415

CVE-2026-4415 – Gigabyte Control Center : The vulnerability is described as an Arbitrary File Write when the pairing feature is enabled. Unauthenticated remote attackers can write arbitrary files to locations on the OS, enabling arbitrary code execution or privilege escalation. The CVSS metrics i...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the extractarchivetodir function. An attacker can overwrite arbitrary files or gain elevated privileges by supplying a crafted tar.gz file containing malicious paths during...

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip via the...

PT-2026-28806

Name of the Vulnerable Software and Affected Versions Gigabyte Control Center affected versions not specified Description Gigabyte Control Center developed by GIGABYTE contains a flaw that allows unauthenticated remote attackers to write arbitrary files to any location on the underlying operating...

GIGABYTE Control Center 安全漏洞

GIGABYTE Control Center is an open-source hardware management and system tuning tool developed by GIGABYTE of Taiwan, China. GIGABYTE Control Center contains a security vulnerability. This vulnerability arises from the possibility of arbitrary file writing when the pairing function is enabled,...

ANT-2026-9VJ9JJXQ · junrar · Path Traversal

path-traversal medium GHSA-j273-m5qq-6825 Severity Claude high · Security research firm - · Maintainer medium Discovered by Claude Mythos Preview REPORT The report below was sent to the maintainer and sealed at approval. ANT-2026-9VJ9JJXQ: Arbitrary file write due to backslash path traversal...

CVE-2026-33645

Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The checkSum multipart field is used directly in...

Exploit for XML Injection (aka Blind XPath Injection) in Fonttools

CVE-2025-66034 — fontTools varLib Arbitrary File Write → RCE...

SUSE CVE-2026-32749

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outsi...

SUSE CVE-2026-33529

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...

CVE-2026-33989 @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...