Missing Authentication

github.com/dgraph-io/dgraph is vulnerable to Missing Authentication. The vulnerability is due to the restoreTenant admin mutation missing authorization middleware validation, which allows an unauthenticated attacker to overwrite the database, access server-side files via file:// paths, and perfor...

CVE-2026-1890

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

CVE-2026-1890 LeadConnector < 3.0.22 - Unauthenticated Rest Call

The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data...

Windows File Shredder: When deleting a file isn’t enough

Most of us think deleting a file means it’s gone for good. But “delete” on a Windows device often just means “out of sight,” not necessarily “out of reach.” That’s where File Shredder, a new feature within Malwarebytes Tools for Windows, comes in. File Shredder lets you securely delete files from...

CVE-2026-20986

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...

EUVD-2026-5389

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...

CVE-2026-20986

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members...

CVE-2026-20986

The vulnerability CVE-2026-20986 affects Samsung Members prior to Chinese version 15.5.05.4. A path traversal flaw allows local attackers to overwrite data within the Samsung Members application. The issue is confirmed in multiple sources (e.g., Red Hat, NVD, CVE records) and is tied to the Samsu...

PT-2026-6096

Name of the Vulnerable Software and Affected Versions Samsung Members versions prior to 15.5.05.4 Description A path traversal issue exists in Samsung Members. This allows local attackers to overwrite data within the application. Recommendations Update Samsung Members to version 15.5.05.4 or late...

CVE-2025-69981

FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the /api/upload API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files such as the SQLite user...

EUVD-2020-6636

Malware in sbrugna...

EUVD-2021-31329

Malicious code in bioql PyPI...

CVE-2025-39202

A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption...

SUSE CVE-2024-53220

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in getsecsrequired It will trigger system panic w/ testcase in 1: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:newcurseg+0xc81/0x2110 Call Trace:...

CVE-2024-47726

CVE-2024-47726 relates to the Linux kernel F2FS: a fix ensures all in-flight direct I/O (DIO) writes complete before removing blocks. The root cause was a race where a DIO could overwrite data in a block that would be reused by another inode if block removal occurred too early. Affected component...

CVE-2024-20444

A vulnerability in Cisco Nexus Dashboard Fabric Controller NDFC, formerly Cisco Data Center Network Manager DCNM, could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient...

New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks

Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of BiBi-Linux Wiper, which has been put to use by a...

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier, which stems from the system's...

WordPress 插件 跨站请求伪造漏洞

Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A cross-site request forgery vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit this vulnerability to cause a logged-in user to overwrite or...

CVE-2020-8027

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE...