7263 matches found

Veracode
added 2026/01/28 8:31 a.m., 11 views

Arbitrary File Write

Shopware is vulnerable to Arbitrary file write. The vulnerability is due to insufficient validation of uploaded plugin files, which allows an attacker to write files to arbitrary directories and upload a PHP shell, resulting in persistent shell access on on-premises installations...

AI score: 6
Exploits: 0

RedhatCVE
added 2026/01/28 6:14 a.m., 7 views

CVE-2026-24765

A flaw was found in PHPUnit, a testing framework for PHP. This vulnerability involves unsafe deserialization of code coverage data during PHPT test execution. An attacker with local file write access can exploit this by placing a malicious serialized object into the file system. This can lead to...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00343
Exploits: 0, References: 10

RedhatCVE
added 2026/01/28 3:16 a.m., 6 views

CVE-2026-24478

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin or an attacker who can convince an admin to configure...

CVSS: 7.2, AI score: 6, EPSS: 0.00857
Exploits: 1, References: 1

Cvelist
added 2026/01/28 12:00 a.m., 27 views

CVE-2025-69601

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

EPSS: 0.00632
Exploits: 1, References: 1

Tenable Nessus
added 2026/01/28 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-24765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00343
Exploits: 0, References: 3

EUVD
added 2026/01/28 12:00 a.m., 6 views

EUVD-2025-206457

A directory traversal Zip Slip vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences e.g., ../ in ZIP entries to write files...

CVSS: 5.1, AI score: 5.9, EPSS: 0.00632
Exploits: 1, References: 1

Positive Technologies
added 2026/01/28 12:00 a.m., 8 views

PT-2026-5149

Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 16.6.6; OpenProject versions prior to 17.0.2. Description: OpenProject is a web-based project management software. A file write issue exists in the repository diff download endpoint /projects/:project...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00318
Exploits: 0, References: 8

CNNVD
added 2026/01/28 12:00 a.m., 7 views

AltumCode 66biolinks security vulnerabilities

AltumCode 66biolinks is a platform-building script provided by AltumCode Corporation. The version 44.0.0 of AltumCode 66biolinks contains a security vulnerability. This vulnerability stems from a directory-traversal vulnerability present in the static site functionality, which could lead to...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00632
Exploits: 1, References: 1

OSV
added 2026/01/27 10:26 p.m., 4 views

GHSA-VVJ3-C3RP-C85P PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling

Overview: A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserializes code coverage files without validation, potentially allowing remote code execution if malicious...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00343
Exploits: 0, References: 13

NVD
added 2026/01/27 10:15 p.m., 5 views

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

CVSS: 7.8, EPSS: 0.00343
Exploits: 0, References: 8

UbuntuCve
added 2026/01/27 10:15 p.m., 4 views

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00343
Exploits: 0, References: 8

Vulnrichment
added 2026/01/27 9:22 a.m., 3 views

CVE-2026-24347 Arbitrary file write to /tmp directory in EZCast Pro II Dongle

Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory...

CVSS: 5.7, AI score: 5.9, EPSS: 0.00207
Exploits: 0, References: 1

CVE
added 2026/01/27 9:22 a.m., 13 views

CVE-2026-24347

CVE-2026-24347 : The Red Hat/NVD/NVD enrichment entries describe an improper input validation in the Admin UI of EZCast Pro II (version 1.17478.146) that allows an attacker to manipulate files in the /tmp directory. This is tied to the EZCast Pro II dongle/application and is actionable via the Ad...

CVSS: 5.7, AI score: 5.9, EPSS: 0.00207
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/01/27 9:22 a.m., 29 views

CVE-2026-24347 Arbitrary file write to /tmp directory in EZCast Pro II Dongle

Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory...

CVSS: 5.7, EPSS: 0.00207
Exploits: 0, References: 1

Snyk
added 2026/01/27 1:48 a.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the repoName parameter, when the TAP 4 map file content is externally controlled. An attacker can write files outside the intended cache base directory by supplying a crafted value containing directory traversal...

CVSS: 5.7, AI score: 6.3, EPSS: 0.00211
Exploits: 1, References: 2

Snyk
added 2026/01/27 1:48 a.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the repoName parameter, when the TAP 4 map file content is externally controlled. An attacker can write files outside the intended cache base directory by supplying a crafted value containing directory traversal...

CVSS: 5.7, AI score: 6.3, EPSS: 0.00211
Exploits: 1, References: 2

NVD
added 2026/01/27 1:16 a.m., 9 views

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS: 8.6, EPSS: 0.01761
Exploits: 5, References: 3

OSV
added 2026/01/27 12:45 a.m., 1 view

CVE-2026-24686 go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 Multirepo Client uses the map file repository name string (repoName) as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00211
Exploits: 1, References: 4

CVE
added 2026/01/27 12:45 a.m., 24 views

CVE-2026-24686

The CVE affects go-tuf (The Update Framework for Go), specifically the TAP 4 Multirepo Client. A map-file repository name (repoName) is used as a filesystem path component when selecting the LocalMetadataDir cache. If an untrusted map file is provided, an attacker can supply a repoName containing...

CVSS: 4.7, AI score: 5.9, EPSS: 0.00211
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/01/27 12:43 a.m., 36 views

CVE-2026-24479 HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problemimportqduoj.php and problemimporthoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

CVSS: 9.3, EPSS: 0.07895
Exploits: 4, References: 2