Exploit for Improper Neutralization of Script in Attributes in a Web Page in Paloaltonetworks Pan-Os

CVE-2025-4615 — Technical Analysis & Proof of Concept Vulne...

CVE-2026-33529

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...

CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...

CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the AdvancedLoggingJSON configuration during support packet generation. An attacker can access arbitrary files on the host system by supplying a malicious file path. Details A Directory Traversal attack also known...

LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

Summary A vulnerability has been identified that allows an authenticated administrator to execute arbitrary code on the host server. By modifying the binary path settings for built-in network tools and bypassing an input filter, an attacker with administrative privileges can download and execute...

GHSA-PR3G-PHHR-H8FH LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

Summary A vulnerability has been identified that allows an authenticated administrator to execute arbitrary code on the host server. By modifying the binary path settings for built-in network tools and bypassing an input filter, an attacker with administrative privileges can download and execute...

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

CVE-2026-25928

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

CVE-2026-23481

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.3

Red Hat OpenShift Service Mesh 3.2.3 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.2....

CVE-2026-32055

OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check...

CVE-2026-27897

Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the exportfile route. The application accepts a JSON payload containing a filename and content. While the developer intended for a native UI...

CVE-2026-27625

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

CVE-2026-33038

WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover through the install/checkConfiguration.php endpoint. install/checkConfiguration.php performs full application initialization: database setup, admin account creation, and...

CVE-2026-33309

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

CVE-2026-0898

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6

Red Hat OpenShift Service Mesh 3.1.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.9

Red Hat OpenShift Service Mesh 3.0.9 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.0....

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...