1439 matches found
MAL-2026-2624 Malicious code in asciitoart (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d91767b12efcd1ad71b86b8d6770f33ddd3f1bfdec795dc04fd1d743a63a4591 Through an obscure way, one of the package files got overwritten by a remote obfuscated code, which appears to be an infostealer. After executing the malicious...
Exploit for CVE-2025-81110
CVE-2025-81110-PoC Improper Symbolic link handling in the PutC...
WordPress Tutor LMS plugin <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'orderid' Parameter vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Tutor LMS versions = 3.9.7...
WordPress plugin Perfmatters 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-35177
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...
CVE-2026-35177
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...
EUVD-2026-19408
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...
Directus 安全漏洞
Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Versions of Directus prior to 11.16.1 contained a security vulnerability. This vulnerability stemmed from the TUS recoverable upload endpoint, which only performed...
EUVD-2026-17985
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings...
Tinybeans Private Family Album App 安全漏洞
Tinybeans Private Family Album App is a private album application developed by the American company Tinybeans. It is designed for recording and sharing family photos and moments of growth. The Tinybeans Private Family Album App v5.9.5-prod version has a security vulnerability. This vulnerability...
Docudepot PDF Reader 安全漏洞
Docudepot PDF Reader is a reading tool developed by Docudepot that supports the viewing and management of PDF documents. Version 1.0.34 of Docudepot PDF Reader contains a security vulnerability. This vulnerability stems from the possibility of arbitrary file overwriting, which could allow attacke...
MaruNuri 安全漏洞
MaruNuri is a comprehensive software system provided by MaruNuri Company, which offers content management and information publishing functions. Version 2.0.23 of MaruNuri contains a security vulnerability. This vulnerability stems from an arbitrary file overwriting during the file import process,...
App Craze Voice Recorder 安全漏洞
App Craze Voice Recorder is a mobile recording application developed by App Craze Company, which supports audio recording and management. Version 10.0 of App Craze Voice Recorder contains a security vulnerability. This vulnerability stems from an arbitrary file overwriting during the file import...
Exploit for Path Traversal in Isaacs Tar
🛡️ CVE-2026-31802 - Simple Proof of Concept Viewer !Downloa...
CLSA-2026-1774528630 openssh: Fix of 3 CVEs
CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the readDir API endpoint. An attacker can access and enumerate arbitrary directories and retrieve file names by sending crafted requests to the endpoint. Details A Directory Traversal attack also known as path...
CVE-2026-25744 OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the pkgutil.getdata function. An attacker can access files and directories outside the intended root directory by supplying crafted input to the resource argument. Details A Directory Traversal attack also known ...
Delete doesn’t mean gone. Here’s how File Shredder fixes that
You have done it a thousand times. Right-click. Delete. Empty Trash. Done. Except it's not done. That file, your tax return, your private photos, that EmbezzlementPlan.doc… it's all still sitting on your drive. Invisible to you, but not to anyone with a $30 recovery tool downloaded from the...
Zdir Pro 安全漏洞
Zdir Pro is a multi-functional private storage program developed by Zdir Pro Company in China. The version 4.x of Zdir Pro contains a security vulnerability. This vulnerability stems from a path traversal vulnerability in the ZIP extraction API, which may lead to file writes being performed outsi...