CVE-2026-27606
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) are vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...
CVE-2026-27606 Rollup 4 has Arbitrary File Write via Path Traversal
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) are vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...
CVE-2026-27606
CVE-2026-27606 affects Rollup: vulnerable in versions prior to 2.80.0, 3.30.0, and 4.59.0 due to insecure file name sanitization in the core engine, enabling arbitrary file write via path traversal. An attacker can use traversal sequences (e.g., ../) to overwrite files the build process can acces...
CVE-2026-27598
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
CVE-2026-27598
CVE-2026-27598 affects Dagu up to version 1.16.7. The issue is in the CreateNewDAG API (POST /api/v1/dags) where DAG name validation is skipped before writing to the file store, allowing an authenticated user with DAG write permissions to write arbitrary YAML files on the filesystem. Since Dagu e...
EUVD-2026-8576
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
MS-EVEN TOCTOU ElfrBackupELFW Arbitrary File Write
This module exploits a Time-of-Check Time-of-Use (TOCTOU) vulnerability in the MS-EVEN protocol (Windows Event Log service). A low-privileged authenticated user can write arbitrary files to a remote Windows machine by abusing the ElfrBackupELFW RPC function. This module strictly follows the MS-EVEN...
Calibre 9.2.1 Path Traversal / Arbitrary File Write
Calibre versions 9.2.1 and below are vulnerable to a path traversal flaw in the PDB file parser, affecting both the 132-byte and 202-byte header variants of the PDB reader implementation. The vulnerability allows a specially crafted PDB file to embed directory traversal sequences such as ../ with...
Rollup Path Traversal Vulnerability
Rollup is a JavaScript module bundler developed by the Rollup project. Versions prior to Rollup 2.80.0, 3.30.0, and 4.59.0 contained a path traversal vulnerability. This vulnerability stemmed from improper filename handling in the core engine, which could allow arbitrary file writing and remote code execution throug...
CVE-2026-27117
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability "Zip Slip" exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive...
CVE-2026-27117 bit7z has a path traversal vulnerability
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.11, a path traversal vulnerability "Zip Slip" exists in bit7z's archive extraction functionality. The library does not adequately validate file paths contained in archive...
CVE-2026-27117
CVE-2026-27117 concerns bit7z, a cross-platform C++ static library used for archive compression/extraction. Prior to 4.0.11, its archive extraction lacks proper validation of entry paths, enabling Zip Slip path traversal via relative paths, absolute paths, or symbolic links. This can allow writin...
Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
The CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. While RenameDAG calls core.ValidateDAGName to reject names containing path separators (line 273 in dags.go), CreateNewDAG skips this validation entirely and passes user input directly...
GHSA-6V48-FCQ6-FF23 Dagu: Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
The CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. While RenameDAG calls core.ValidateDAGName to reject names containing path separators (line 273 in dags.go), CreateNewDAG skips this validation entirely and passes user input directly...
CVE-2026-26222
Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...
CVE-2026-26222
The CVE-2026-26222 entry concerns Altec DocLink (now Beyond Limits Inc.) 4.0.336.0, where insecure .NET Remoting endpoints exposed over TCP and HTTP/SOAP via ObjectURI “doclinkServer.soap” allow unauthenticated access. The vulnerability arises from unsafe object unmarshalling, enabling remote att...
CVE-2026-26222 DocLink .NET Remoting Unauthenticated Arbitrary File Read/Write RCE
Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does not require authentication and is vulnerable to unsafe object unmarshalling,...