7250 matches found
CVE-2026-28400
Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...
EUVD-2026-8909
Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix...
Junrar has an arbitrary file write due to backslash Path Traversal bypass in LocalFolderExtractor on Linux/Unix
Summary: A backslash path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix. This can often lead to remote code execution, e.g., overwriting...
EUVD-2026-9027
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer...
CVE-2026-3223
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer...
CVE-2026-3223
This CVE (CVE-2026-3223) concerns a Zip Slip vulnerability in Google Web Designer that enables Arbitrary file write and potential Privilege Escalation. The issue relates to the extraction process allowing unauthorized files to be written, affecting Google Web Designer as the affected product. Und...
CVE-2026-3223 Zip Slip leading to Arbitrary File Write and Privilege Escalation in Google Web Designer
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer...
SUSE-SU-2026:20551-1 Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.0 (bsc#1257128). Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS (bsc#1253189). - CVE-2024-45310: kubevirt vendored...
CVE-2026-27884
NetExec is a network execution tool. Prior to version 1.5.1, the module spiderplus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An...
NLTK Downloader: Arbitrary File Write / Remote Code Execution via XML Attribute Injection in Package Index
Summary Field| Value ---|--- Component| nltk.downloader.Package Affected Version| NLTK element in the remote XML index contains a filename="..." attribute, it flows into kw and overwrites the safe value. The overridden filename is used directly at line 679 as the filesystem write destination:...
PT-2026-22387
Name of the Vulnerable Software and Affected Versions: MCP Atlassian versions prior to 0.17.0. Description: MCP Atlassian is a Model Context Protocol (MCP) server used with Atlassian products like Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker reaching the mcp-atlassian HTTP...
PT-2026-22339
Name of the Vulnerable Software and Affected Versions: Google Web Designer (affected versions not specified). Description: The software is susceptible to a zip slip vulnerability, which can lead to arbitrary file write and potential privilege escalation. A zip slip vulnerability occurs when a program...
CVE-2026-28269 Kiteworks Core has an OS Command Injection
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...
CVE-2026-28208 Junrar has arbitrary file write due to backslash path traversal bypass in LocalFolderExtractor on Linux/Unix
Junrar is an open source Java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on Linux/Unix...
CVE-2026-28208
Summary: Junrar is an open-source Java RAR archive library. Prior to version 7.5.8, a backslash path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content anywhere on the filesystem when a crafted RAR archive is extracted on L...