7267 matches found
CVE-2026-23481 Blinko: Authenticated Arbitrary File Write - saveAdditionalDevFile
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...
CVE-2026-23481
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...
CVE-2026-23481
CVE-2026-23481 affects Blinko, an AI-powered card note‑taking project. Before version 1.8.4, an authenticated user could perform an arbitrary file write via the saveAdditionalDevFile path, enabling potential tampering on the device hosting Blinko. The vulnerability is classified with CVSS v4.0 ba...
EUVD-2026-14531
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...
CVE-2026-23481 Blinko: Authenticated Arbitrary File Write - saveAdditionalDevFile
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...
CVE-2026-23484 Blinko: Authenticated Arbitrary File Write - saveDevPlugin
Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...
CVE-2026-23484
Blinko (AI-powered card note-taking project) is affected in versions up to 1.8.3 where the fileName parameter is not filtered, enabling path traversal to write files anywhere on the file system. The vulnerability is exploitable by authenticated users (normal user) because the interface only requi...
CVE-2026-0898
An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...
CVE-2026-0898 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25.
An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...
CVE-2026-0898 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25.
An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...
CVE-2026-0898
An arbitrary file-write vulnerability exists in the Pega Browser Extension (PBE) affecting Pega Robot Studio developers automating Google Chrome or Microsoft Edge on versions 22.1 or R25. Robot Runtime is not affected. The issue arises from a malicious website that could be loaded by a developer ...
CVE-2026-0898
An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the locateDAG process. An attacker can access arbitrary files by submitting specially crafted requests containing %2F-encoded slashes. Details A Directory Traversal attack also known as path traversal aims to...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the locateDAG process. An attacker can access arbitrary files by submitting specially crafted requests containing %2F-encoded slashes. Details A Directory Traversal attack also known as path traversal aims to...
Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005)
Overview Xerox FreeFlow Core contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2026-2251 XML external entity reference XXE CWE-611 - CVE-2026-2252 FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...
PT-2026-27204
Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an authenticated arbitrary file write vulnerability in saveAdditionalDevFile. This issue has been patched in version 1.8.4...
Path Traversal
PyMuPDF is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the embedded get function in main.py, allowing attackers to manipulate paths and write files outside the intended directory, leading to arbitrary file write...
CVE-2026-32055
OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The vulnerability exists because the boundary check...
CVE-2026-23537
A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...
Directory Traversal
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic utility. An attacker can access arbitrary files from backend storage by sending specially crafted request...