CVE-2026-44343

WGDashboard (WireGuard VPN dashboard) contains a critical vulnerability prior to version 4.3.2 that could allow unauthenticated parties to access the host filesystem. The root cause details are not provided beyond the high‑level impact in the CVE record, and exploitation details are not disclosed...

CVE-2026-44343 WGDashboard: Critical Vulnerability in 4.3.2

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

EUVD-2026-29732

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

CVE-2026-31226

The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

Windows Projected File System Elevation of Privilege Vulnerability

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

EUVD-2026-29386

A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH...

CVE-2026-42351

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories...

PT-2026-40356

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description A null-pointer dereference exists in the UFS/UFS2 filesystem image parser. This occurs when opening a specially crafted UFS image where the root inode inode 2 is set to IFLNK symlink...

PT-2026-40159

Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally...

NanaZip 代码问题漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 had code-related vulnerabilities. These vulnerabilities stemmed from the UFS/UFS2 file system image parser, which unconditionally treated the root inode as a directory without checking...

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the GetAllPaths function in the UFS/UFS2 file system image parser, which allowed recursive subdirectories without...

Microsoft Projected File System 资源管理错误漏洞

The Microsoft Projected File System is an application system developed by Microsoft Corporation. It projects hierarchical data into the file system, making it appear as files and directories within the file system. The Microsoft Projected File System has a resource management vulnerability...

PT-2026-40065

The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...

NanaZip 缓冲区错误漏洞

NanaZip is a compression software open-source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a buffer error vulnerability. This vulnerability stemmed from a single-byte heap out-of-bounds write in the UFS/UFS2 file system image parser, which could lead to the...

CVE-2026-31226

The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 2025-58-24 contains a critical command injection vulnerability CWE-78 in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and execution of shell commands via os.system without proper...

NanaZip 数字错误漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained a numerical error vulnerability. This vulnerability stemmed from the UFS/UFS2 file system image parser not verifying the value of the fsipg field in the superblock. When this...

TinyZero 安全漏洞

TinyZero is an inference model training tool developed by Jiayi Pan, based on reinforcement learning, and aimed at replicating the DeepSeek R1 Zero. TinyZero has a security vulnerability. This vulnerability stems from the copy function in the HDFS file manipulation tool, which insecurely construc...

PT-2026-40268

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...