CVE-2026-11858

Quanos SCHEMA ST4 on-premises is affected by a local privilege escalation due to insufficient authorization on the Client Update Service. The service, running as NT AUTHORITY\SYSTEM, exposes a .NET Remoting interface over a named pipe without proper access controls. A local authenticated low-priv...

CVE-2026-10094

CVE-2026-10094 is a path traversal vulnerability in SOLIDWORKS Visualize used with SOLIDWORKS Desktop releases 2024–2026. The underlying flaw permits an attacker to write arbitrary files on the server. Affected product scope is SOLIDWORKS Visualize (with the 2024–2026 desktop releases); no vendor...

CVE-2026-10094 Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...

CVE-2026-50203 Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

PT-2026-50563

Name of the Vulnerable Software and Affected Versions Postman Download Module affected versions not specified Description The postman download module fails to sanitize the workspace name field retrieved from the Postman API when constructing local directory paths. A malicious workspace name...

CVE-2026-48055 Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction,...

CVE-2026-48055

Streambert (Electron-based desktop app) has a Zip Slip vulnerability in its subtitle extraction logic affecting versions up to 2.4.0. The code concatenates raw archive entry names to a temporary directory, enabling path traversal and arbitrary file writes if a malicious ZIP with traversal sequenc...

yt-dlp: Arbitrary code execution via manifest downloads with aria2c

Summary If aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On Windows platforms, this can lead to immediate arbitrary code...

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

GHSA-365W-HQF6-VXFG Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Summary Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration. Vulnerabilities 1. Arbitrary File Write via /screenshot and /pdf CWE-22, CVSS 9....

Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

Multiple security vulnerabilities in the Crawl4AI Docker API server affecting endpoints for crawling, markdown/LLM extraction, screenshots, PDFs, webhooks, monitoring, JavaScript execution, and configuration...

EUVD-2026-36744

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability...

CVE-2026-30121

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability...

CVE-2026-20262 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

CVE-2026-20262 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

CVE-2026-20262

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) exposes an Arbitrary File Write vulnerability in its web UI. An authenticated, lower-privileged user can craft requests to a file-upload API endpoint to create/overwrite files on the OS, with potential for root escalation. Cisco has released...

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

CVE-2026-30121

The CVE refers to CVE-2026-30121 affecting Remotion v4.0.409, describing an arbitrary file write vulnerability. The connected sources consistently identify the issue as arbitrary file write in Remotion, but none provide concrete technical details such as vulnerable component/trigger, root cause, ...

CVE-2026-45390

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

CVE-2026-30121

remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability...