22932 matches found
CVE-2026-6360
Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...
MAL-2026-2884 Malicious code in forge-jsx (npm)
forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...
EUVD-2025-209473
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information...
RLSA-2026:7675 Important: nodejs24 security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
CVE-2025-52641
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information...
CVE-2025-52641 Internal Filesystem Exploration vulnerability
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information...
CVE-2025-52641
Technical details are not publicly available in the provided documents. Monitor for updates.
PT-2026-33175
Name of the Vulnerable Software and Affected Versions: Barracuda RMM versions prior to 2025.2.2. Description: An issue exists where overly permissive filesystem Access Control Lists (ACLs) on the 'C:\Windows\Automation' directory allow local attackers to gain SYSTEM-level privileges. Attackers can modif...
KLA90990 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in ANGLE can be exploited...
PT-2026-33016
Name of the Vulnerable Software and Affected Versions: HCL AION (affected versions not specified). Description: Certain system behaviors may allow exploration of internal filesystem structures. Exposure of this information can provide insights into the underlying environment, potentially aiding in...
GHSA-M63R-M9JH-3VC6 WWBN AVideo has an Incomplete fix: Directory traversal bypass via query string in ReceiveImage downloadURL parameters
Summary: The directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parse_url($url, PHP_URL_PATH) for .. sequences. However, the downstream function try_get_contents_from_local in objects/functionsFile.php uses...
CVE-2026-33098
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2025-68649
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer...
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally...
WebRemoteControl Unauthenticated Remote Filesystem Access
WebRemoteControl suffers from an unauthenticated remote filesystem access vulnerability. This proof of concept exploit lets you browse directory contents and access files. Exploit Title: WebRemoteControl - Unauthenticated Remote Filesystem Access Date: 2026-04-14 Exploit Author: Chokri Hammedi...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : kvmtool vulnerabilities (USN-8172-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8172-1 advisory. It was discovered that kvmtool did not properly manage memory under certain circumstances. A malicious guest attacker...
SUSE CVE-2026-32146
Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...