
7263 matches found

GithubExploit
added 2026/01/13 4:16 p.m., 154 views

xworm-c2-path-traversal

XWorm C2 Path Traversal Vulnerability Affected Versions...

AI score: 7.8
Exploits: 0
Positive Technologies
added 2026/01/13 12:0 a.m., 4 views

PT-2026-2770

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requir...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.00195
Exploits: 0 | References: 4
CNNVD
added 2026/01/13 12:0 a.m., 5 views

CutePHP CuteNews path traversal vulnerability

CutePHP CuteNews is a news management system. The system has features such as search, file upload management, access control, backup and restore. A path traversal vulnerability exists in CutePHP CuteNews version 6.6, which stems from a directory traversal in the Browse Templates feature that coul...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00715
Exploits: 1 | References: 4
Positive Technologies
added 2026/01/13 12:0 a.m., 5 views

PT-2026-2458

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.00476
Exploits: 0 | References: 3
CNNVD
added 2026/01/13 12:0 a.m., 6 views

HPE AOS security vulnerability

HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS 10 and HPE AOS 8 that stems from an arbitrary file write vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...

CVSS: 7.2 | AI score: 6 | EPSS: 0.00476
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

RHEL 9 : git-lfs (RHSA-2026:0472)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0472 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

CVSS: 8.6 | AI score: 5.3 | EPSS: 0.00707
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

RHEL 8 : git-lfs (RHSA-2026:0459)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0459 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing th...

CVSS: 8.6 | AI score: 5.3 | EPSS: 0.00707
Exploits: 0 | References: 4
NVD
added 2026/01/12 10:16 p.m., 9 views

CVE-2026-22786

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. An attacker can upload any file to any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...

CVSS: 8.6 | EPSS: 0.00938
Exploits: 1 | References: 2
RedHat Linux
added 2026/01/12 3:7 p.m., 1 views

git-lfs: Git LFS may write to arbitrary files via crafted symlinks

A flaw was found in Git LFS. Running git lfs checkout and git lfs pull in a specially crafted repository, specifically with symbolic or hard links tracked by Git LFS and pointing to files outside the working tree or in a bare repository, can cause Git LFS to write to arbitrary file system locatio...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.00707
Exploits: 0 | References: 9
OpenVAS
added 2026/01/12 12:0 a.m., 4 views

Mageia: Security Advisory (MGASA-2026-0002)

The remote host is missing an update for the...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00707
Exploits: 1 | References: 4
NVD
added 2026/01/10 10:15 a.m., 8 views

CVE-2026-0831

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the savetemplatetofile function where user-controlled parameters like sessionid, contentid, and aipageids are used to construct file...

CVSS: 5.3 | EPSS: 0.00233
Exploits: 0 | References: 4
Cvelist
added 2026/01/10 9:22 a.m., 25 views

CVE-2026-0831 Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the savetemplatetofile function where user-controlled parameters like sessionid, contentid, and aipageids are used to construct file...

CVSS: 5.3 | EPSS: 0.00233
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/10 9:22 a.m., 4 views

CVE-2026-0831 Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the savetemplatetofile function where user-controlled parameters like sessionid, contentid, and aipageids are used to construct file...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00233
Exploits: 0 | References: 4
CVE
added 2026/01/10 9:22 a.m., 22 views

CVE-2026-0831

CVE-2026-0831 refers to Templately for WordPress. The Wordfence report confirms an Arbitrary JSON file write vulnerability in Templately.

CVSS: 5.3 | AI score: 6 | EPSS: 0.00233
Exploits: 0 | References: 4
EUVD
added 2026/01/10 9:22 a.m., 6 views

EUVD-2026-1852

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the savetemplatetofile function where user-controlled parameters like sessionid, contentid, and aipageids are used to construct file...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00233
Exploits: 0 | References: 6
Microsoft CVE
added 2026/01/10 9:4 a.m., 6 views

Wget2: arbitrary file write via metalink path traversal in gnu wget2

...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.00707
Exploits: 1
CVE
added 2026/01/10 5:43 a.m., 14 views

CVE-2026-22685

DevToys (desktop app) has a path traversal vulnerability in its extension installation for versions 2.0.0.0–2.0.8.x, where processing NUPKG archives does not validate file paths, allowing crafted entries like ../../…/target-file to write outside the intended extensions directory. This could overw...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00392
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/01/10 5:7 a.m., 9 views

MGASA-2026-0002 Updated wget2 packages fix security vulnerability

Arbitrary File Write via Metalink Path Traversal in GNU Wget2. CVE-2025-69194...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00707
Exploits: 1 | References: 3
CNNVD
added 2026/01/10 12:0 a.m., 4 views

WordPress plugin Templately security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00233
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/10 12:0 a.m., 8 views

PT-2026-2031

Name of the Vulnerable Software and Affected Versions: Templately versions prior to 3.4.9. Description: The Templately plugin for WordPress is susceptible to an arbitrary file write issue. This is a result of insufficient input validation within the save template to file function. User-controlled...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00233
Exploits: 0 | References: 8