13586 matches found

CNNVD
added 2026/04/16 12:0 a.m. | 7 views

Openfind MailGates and Openfind MailAudit security vulnerability

Openfind MailGates and Openfind MailAudit are products of Openfind Information Technology Company in China. Openfind MailGates is an email security protection system. This system supports email filtering and APT attack defense functions. Openfind MailAudit is a software used for enterprise email...

CVSS 8.7 | AI score 5.8 | EPSS 0.00591
Exploits: 0 | References: 1

CNNVD
added 2026/04/16 12:0 a.m. | 7 views

OpenHarness security vulnerability

OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU. Previous versions of OpenHarness had security vulnerabilities. These vulnerabilities stemmed from the /memory show command not performing file system validation on path input parameters, allowing remote...

CVSS 7.1 | AI score 5.9 | EPSS 0.00414
Exploits: 1 | References: 1

EUVD
added 2026/04/15 9:30 p.m. | 7 views

EUVD-2026-23100

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode. By double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace. Thanks to Prasanth Sundararajan for reporting this vulnerability...

CVSS 5.3 | AI score 6 | EPSS 0.01489
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/15 7:24 p.m. | 5 views

CVE-2026-40191

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail...

CVSS 6.8 | AI score 5.8 | EPSS 0.00115
Exploits: 0 | References: 1

EUVD
added 2026/04/15 6:31 p.m. | 5 views

EUVD-2026-22987

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...

CVSS 7.5 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 3

NVD
added 2026/04/15 5:17 p.m. | 6 views

CVE-2026-20148

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

CVSS 4.9 | EPSS 0.09213
Exploits: 0 | References: 1

CNNVD
added 2026/04/15 12:0 a.m. | 5 views

Slah CMS security vulnerability

Slah CMS is a content management system developed by the Brazilian company Slah. Versions of Slah CMS prior to 1.5.0 contain security vulnerabilities. These vulnerabilities stem from improper access control in the config.php component, which may allow unverified attackers to access sensitive...

CVSS 7.5 | AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 1

CNNVD
added 2026/04/15 12:0 a.m. | 6 views

Cisco ThousandEyes Enterprise Agent security vulnerability

Cisco ThousandEyes Enterprise Agent is an application developed by Cisco, a US-based company. It provides extended visibility, automated insights, and seamless workflows. There is a security vulnerability in Cisco ThousandEyes Enterprise Agent, which stems from improper access control in the loca...

CVSS 5.5 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/15 12:0 a.m. | 3 views

CVE-2026-30994

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...

AI score 5.8 | EPSS 0.00254
Exploits: 0 | References: 2

GithubExploit
added 2026/04/14 10:41 p.m. | 83 views

Exploit for Improper Control of Dynamically-Managed Code Resources in N8N

n8n Expression Injection RCE Analysis CVE-2025-68613 This r...

CVSS 9.9 | AI score 7.5 | EPSS 0.97875
Exploits: 29

Vulnrichment
added 2026/04/14 9:53 p.m. | 1 view

CVE-2026-34619 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...

CVSS 7.7 | AI score 6 | EPSS 0.08507
Exploits: 0 | References: 1

CVE
added 2026/04/14 9:53 p.m. | 51 views

CVE-2026-34619

The CVE-2026-34619 entry affects ColdFusion versions 2023.18, 2025.6 and earlier. It describes an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability that could allow an attacker to access unauthorized files or directories outside intended restrictions. Expl...

CVSS 7.7 | AI score 5.8 | EPSS 0.08507
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/14 9:53 p.m. | 17 views

CVE-2026-34619 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...

CVSS 7.7 | EPSS 0.08507
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/14 9:53 p.m. | 2 views

CVE-2026-27305

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outsi...

CVSS 8.6 | AI score 5.9 | EPSS 0.28962
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/14 4:57 p.m. | 1 view

CVE-2026-32212

Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.6 | EPSS 0.00307
Exploits: 0 | References: 2 | Affected Software: 21

RedHat Linux
added 2026/04/14 4:21 p.m. | 2 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

CVSS 5.9 | AI score 6.8 | EPSS 0.00368
Exploits: 0 | References: 11

EUVD
added 2026/04/14 3:30 p.m. | 2 views

EUVD-2026-22276

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

CVSS 7.1 | AI score 6.1 | EPSS 0.002
Exploits: 0 | References: 4

EUVD
added 2026/04/14 3:30 p.m. | 5 views

EUVD-2026-22274

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

CVSS 7.1 | AI score 6.1 | EPSS 0.00204
Exploits: 0 | References: 4

NVD
added 2026/04/14 3:16 p.m. | 3 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

CVSS 7.1 | EPSS 0.00204
Exploits: 0 | References: 3

NVD
added 2026/04/14 3:16 p.m. | 2 views

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

CVSS 7.1 | EPSS 0.002
Exploits: 0 | References: 3