CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

PT-2026-26159

Reported: 2026-03-08 Status: patched and released in version 3.5.3 of @apostrophecms/import-export --- Product | Field | Value | |---|---| | Repository | apostrophecms/apostrophe monorepo | | Affected Package | @apostrophecms/import-export | | Affected File |...

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu media download process failing to properly filter special elements in the path of a resource or file, which can be exploited by a...

Romeo 路径遍历漏洞

Romeo is an open-source Go application code coverage calculation tool developed by CTFer.io. Versions of Romeo prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from defects in the path traversal checks, which could lead to arbitrary file writing...

jenkins -- multiple vulnerabilities

Jenkins Security Advisory 2026-03-18: SECURITY-3657 / CVE-2026-33001: Arbitrary file write vulnerability through specially crafted archives in Jenkins High SECURITY-3674 / CVE-2026-33002: DNS rebinding vulnerability in WebSocket CLI origin validation in Jenkins High...

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler password could get changed without providing the old password IMAP Injection + CSRF bypass in mail search remote image blocking bypass via various SVG animate attributes remot...

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVE-2026-32297 Angeet ES3 KVM unauthenticated arbitrary file write

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVE-2026-32297 Angeet ES3 KVM unauthenticated arbitrary file write

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

CVE-2026-32297

The CVE-2026-32297 entry concerns the Angeet ES3 KVM. It describes a remote, unauthenticated condition whereby an attacker can write arbitrary files, including configuration files or system binaries, enabling potential complete system compromise. According to the metrics, CVSS v3.1 indicates high...

Exploit for Path Traversal in Python Setuptools

HackTheBox - VariaType Machine Writeup !HTBhttps://img.shie...

PT-2026-35967

Name of the Vulnerable Software and Affected Versions Wazuh versions 4.4.0 through 4.14.3 Description A path traversal issue exists in the cluster synchronization extraction routine, specifically within the decompress files function. This allows an authenticated cluster peer to write arbitrary...

📄 WordPress WPvivid 0.9.123 Arbitrary File Write

This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...

SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write

Summary POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. Details...

GHSA-QVVF-Q994-X79V SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write

Summary POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. Details...

SUSE CVE-2026-30853

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...

CVE-2026-21005

Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege...

TencentOS Server 4: grafana (TSSA-2026:0168)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0168 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Exploit for Path Traversal in Python Setuptools

CVE-2025-47273: Path Traversal in setuptools.packageindex...