187 matches found

Cvelist
added 14 hours ago, 8 views

CVE-2026-8628 EntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVSS 6.1
Exploits 0, References 2
EUVD
added 14 hours ago, 6 views

EUVD-2026-38671

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVSS 6.1, AI score 6
Exploits 0, References 2
Nuclei
added 17 hours ago, 9 views

Symfony HttpFoundation - Access Control Bypass via PATH_INFO

Symfony HttpFoundation component >= 2.0.0 and prior to versions 5.4.50, 6.4.29, and 7.3.7 contains an access control bypass vulnerability. The Request class improperly interprets some PATH_INFO values, producing URL paths without a leading /. This allows bypassing access control rules that are buil...

CVSS 7.3, AI score 7.1, EPSS 0.01297
Exploits 0, References 4
RedHat Linux
added 2026/05/19 1:41 p.m., 18 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

CVSS 7.3, AI score 7.3, EPSS 0.02608
Exploits 1, References 5
RedHat Linux
added 2026/05/19 9:00 a.m., 7 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

CVSS 7.3, AI score 7.3, EPSS 0.02608
Exploits 1, References 5
EUVD
added 2026/05/08 3:31 p.m., 6 views

EUVD-2026-28714

In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers. ceph_mdsc_build_path must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_free_path_info may crash. Example crash on Linux 6.18.12:...

AI score 5.7, EPSS 0.00129
Exploits 0, References 5
NVD
added 2026/05/08 3:16 p.m., 5 views

CVE-2026-43408

In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers. ceph_mdsc_build_path must be called with a zero-initialized ceph_path_info parameter, or else the following ceph_mdsc_free_path_info may crash. Example crash on Linux 6.18.12:...

CVSS 7.8, EPSS 0.00129
Exploits 0, References 4
CNNVD
added 2026/04/25 12:00 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the reading of UNIX_DIAG_VFS data in af_unix without holding a lock. This could lead to accessing...

CVSS 7.8, AI score 5.8, EPSS 0.00121
Exploits 0, References 1
CNNVD
added 2026/04/02 12:00 a.m., 5 views

Rack security vulnerability

Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Static#applicable_rules' evaluation of header rules for PATH_INFO when the original URL is encoded. The underlyin...

CVSS 5.3, AI score 5.8, EPSS 0.00195
Exploits 0, References 1
CNNVD
added 2026/03/26 12:00 a.m., 5 views

Drupal File Field Paths security vulnerability

Drupal File Field Paths is an extension developed by Drupal Corporation that allows for custom file field storage paths. Versions of Drupal File Field Paths prior to 7.x-1.3 contained security vulnerabilities. These vulnerabilities stemmed from information leaks during the processing of file URIs...

CVSS 6.9, AI score 5.8, EPSS 0.00391
Exploits 1, References 3
RedHat Linux
added 2026/02/16 6:57 p.m., 3 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

CVSS 7.3, AI score 5.7, EPSS 0.02608
Exploits 1, References 5
RedHat Linux
added 2026/02/16 6:55 p.m., 3 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

CVSS 7.3, AI score 5.7, EPSS 0.02608
Exploits 1, References 5
Tenable Nessus
added 2026/01/29 12:00 a.m., 5 views

Unity Linux 20.1070e Security Update: screen (UTSA-2026-005209)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005209 advisory. A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be...

CVSS 3.3, AI score 5.9, EPSS 0.00215
Exploits 0, References 4
RedhatCVE
added 2025/12/05 3:27 p.m., 3 views

CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

CVSS 4.3, AI score 6.7, EPSS 0.00406
Exploits 0, References 1
Positive Technologies
added 2025/12/05 12:00 a.m., 2 views

PT-2025-49218

The Twitscription plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the admin.php PATH_INFO in all versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1, AI score 5.6, EPSS 0.00211
Exploits 0, References 5
OSV
added 2025/12/04 3:15 p.m., 2 views

CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

CVSS 4.3, AI score 5.8, EPSS 0.00406
Exploits 0, References 1
EUVD
added 2025/12/04 3:00 p.m., 3 views

EUVD-2025-201175

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

CVSS 4.3, AI score 6.2, EPSS 0.00406
Exploits 0, References 2
Vulnrichment
added 2025/12/04 3:00 p.m., 3 views

CVE-2025-29844

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information...

CVSS 4.3, AI score 6.3, EPSS 0.00406
Exploits 0, References 1
Positive Technologies
added 2025/12/04 12:00 a.m., 3 views

PT-2025-49031

Name of the Vulnerable Software and Affected Versions: FileStation (affected versions not specified). Description: A flaw exists in the FileStation file cgi component that could allow remotely authenticated users to access file metadata and path information. Recommendations: At the moment, there is no...

CVSS 4.3, AI score 6.2, EPSS 0.00406
Exploits 0, References 5
CNNVD
added 2025/12/04 12:00 a.m., 4 views

Synology Router Manager path traversal vulnerability

Synology Router Manager SRM is a software used to configure and manage Synology routers from China-based Synology. A path traversal vulnerability exists in Synology Router Manager SRM, which originates from the FileStation file cgi that allows remote authenticated users to read file metadata and...

CVSS 4.3, AI score 6.4, EPSS 0.00406
Exploits 0, References 1