CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

CVE-2025-40948

The CVE-2025-40948 entry affects RUGGEDCOM ROX MX5000/MX5000RE, RX1400, RX1500/1501/1510/1511/1512/1524/1536, RX5000 (all versions

Security Bulletin: InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read (CVE-2026-3366)

Summary InfoSphere Optim Test Data Fabrication Resource Manager is affected by Arbitrary File Read via Path Traversal CVE-2026-3366. Vulnerability Details CVEID:CVE-2026-3366 DESCRIPTION: IBM InfoSphere Optim Test Data Fabrication could allow a remote attacker to traverse directories on the syste...

CVE-2026-29201

Insufficient input validation of the feature file name in feature::LOADFEATUREFILE adminbin call can cause arbitrary file read when a relative file path is passed...

PT-2026-40398

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

HashiCorp Nomad和HashiCorp Nomad Enterprise 后置链接漏洞

HashiCorp Nomad and HashiCorp Nomad Enterprise are both products from HashiCorp, a company based in the United States. HashiCorp Nomad is a simple and flexible scheduler and orchestrator. It’s used for managing containers and non-containerized applications on both local and cloud environments...

PT-2026-40386

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

PT-2026-40384

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

HashiCorp Nomad 后置链接漏洞

HashiCorp Nomad is a simple and flexible scheduler and orchestrator provided by the American company HashiCorp. It is used for managing containers and non-containerized applications on both local and cloud environments. Versions of HashiCorp Nomad prior to 0.1.2 contained a post-installation...

Pulpy 路径遍历漏洞

Pulpy is a lightweight tool developed by Enes Gökkaya that converts web applications into desktop applications. Versions of Pulpy prior to 0.1.1 contained a path traversal vulnerability. This vulnerability stemmed from an incomplete blacklist for the validateFsPath function, which could lead to...

changedetection.io 安全漏洞

changedetection.io is a website-based application developed by dgtlmoon, designed for change detection, monitoring, and notification. Versions of changedetection.io prior to 0.55.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of snapshot paths retrieved from back...

PT-2026-40543

Name of the Vulnerable Software and Affected Versions esm.sh versions 137 and earlier Description A Local File Inclusion LFI issue exists in the esbuild plugin's handling of the browser field within the package.json file. An attacker can publish a malicious npm package that leverages ../ sequence...

PT-2026-40343

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...

APSB26-52 : Security update available for Adobe Substance 3D Designer

Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user...

EUVD-2026-29180

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

GHSA-42H5-H8QH-VV9V MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

CVE-2026-2614

A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...

GHSA-5VPG-RJ7Q-QPW2 Yii 2: Local file inclusion via view parameter name collision

The core view rendering method View::renderPhpFile calls extract$params, EXTROVERWRITE before the require statement that includes the view file. A caller-controlled parameter named file in the $params array overwrites the internal local variable that specifies which file is included — enabling a...

Yii 2: Local file inclusion via view parameter name collision

The core view rendering method View::renderPhpFile calls extract$params, EXTROVERWRITE before the require statement that includes the view file. A caller-controlled parameter named file in the $params array overwrites the internal local variable that specifies which file is included — enabling a...