CVE-2026-8704
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...
K000160876: Appliance mode iControl REST vulnerability CVE-2026-42930
Security Advisory Description: When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions on a BIG-IP system (CVE-2026-42930). Impact: An authenticated attacker with local system access and the Administrator role may be...
OpenClaw Security Vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were caused by insufficient routing access control in the Nostr plugin’s HTTP configuration file, which might allow...
EUVD-2026-25276
A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing network access the ability to access the EGW management interface without authentication. Successful exploitation of this vulnerability could allow a user to read, modify, or delete files...
CVE-2026-6074
Intrado 911 Emergency Gateway EGW 5.x, 6.x, and 7.x contain a path traversal vulnerability in the downloaddebuglogfile.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory...
CVE-2026-6074 Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW)
Intrado 911 Emergency Gateway EGW 5.x, 6.x, and 7.x contain a path traversal vulnerability in the downloaddebuglogfile.php endpoint used for Debug Logs downloads. An unauthenticated attacker can manipulate the name parameter to read arbitrary files outside the intended directory...
ROS-20260417-73-0032
A vulnerability in the futimes function of the Node.js software platform is related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow an attacker to gain access to modify files...
CVE-2026-33698
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...
Fortinet Multiple Products Path Traversal Vulnerability
Fortinet FortiOS are products of the American company Fortinet. Fortinet FortiOS is a security operating system specifically designed for the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiProxy is a secure network...
Directory Traversal
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Directory Traversal inadequate enforcement of access control in the readFile, saveFile, deleteFileOrFolder, renameFile, createFile, and createFolder endpoints, which fail ...
EUVD-2026-17824
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...
CVE-2026-28265
PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...
CVE-2026-20037
CVE-2026-20037 affects Cisco UCS Manager Software with NX-OS CLI privilege levels. An authenticated, read-only user can connect to the NX-OS CLI and leverage unnecessary privileges to create or overwrite files or perform limited privileged actions on the device. The issue stems from excessive pri...
CVE-2026-20037
A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...
PT-2026-21948
Name of the Vulnerable Software and Affected Versions: Cisco UCS Manager Software (affected versions not specified). Description: A flaw exists in the NX-OS CLI privilege levels of Cisco UCS Manager Software that could allow an authenticated, local attacker with read-only privileges to modify files an...
CVE-2026-26362
Dell Unisphere for PowerMax, versions 10.2, contains a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files...
Improper Directory Validation
@anthropic-ai/claude-code is vulnerable to improper directory validation. The vulnerability is due to insufficient validation of directory changes when using the cd command with write operations, which allows an attacker to navigate into protected folders e.g., .claude and create or modify files...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. The Dormakaba Access Manager has a security vulnerability, which stems from unencrypted flash memory. Physical access allows modification or reading of sensitive files, potentially...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001194)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001194 advisory. An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in...
MiracleLinux 7 : gvfs-1.36.2-3.el7 (AXSA:2019-4036:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4036:01 advisory. gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password CVE-2019-3827 Tenabl...