CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

CVE-2026-25701

An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: gain access to possible private information found in /var/lib/pcrlock.d manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the...

PT-2026-21879

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1 ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51 Description A path traversal issue exists in the FTP Backup feature of ASUSTOR ADM. The software does not adequately sanitize filenames received from a...

CVE-2026-26359

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

CVE-2026-26359

Dell Unisphere for PowerMax, versions 10.2, contains an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files...

CVE-2026-26359

Dell Unisphere for PowerMax 10.2 is vulnerable to External Control of File Name or Path. A low-privileged, remote attacker could overwrite arbitrary files due to unsafely handled file names/paths. The CVSS 3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, and privile...

Fortinet FortiClient VPN FCConfig Utility Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

UBUNTU-CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

CVE-2026-25575

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

Calibre 代码注入漏洞

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer from India. It serves as a comprehensive e-book reading management and format conversion tool. Versions of Calibre 9.1.0 and earlier had a code injection vulnerability. This vulnerability stemmed from path travers...

Ubuntu 24.04 LTS : GitHub CLI vulnerabilities (USN-8012-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8012-1 advisory. It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An...

CVE-2026-25575

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

CVE-2026-25575

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

PT-2026-5973

Name of the Vulnerable Software and Affected Versions Tarot, Astro & Healing version 11.4.0 Description A flaw exists in the file import process that allows overwriting of critical internal files. Successful exploitation could lead to arbitrary code execution or disclosure of sensitive informatio...

BIT-PYTHON-MIN-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

EUVD-2026-5316

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

PT-2026-5980

Name of the Vulnerable Software and Affected Versions FUXA version 1.2.7 Description FUXA version 1.2.7 has an Unrestricted File Upload issue in the /api/upload API endpoint. The endpoint does not require authentication, which allows unauthenticated remote attackers to upload arbitrary files...

CVE-2025-14914

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution...