37 matches found
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
CVE-2026-46484
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...
CVE-2026-40001
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...
RockyLinux 8 : vim (RLSA-2026:22730)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:22730 advisory. vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Tenable has extracted the preceding description block directl...
RockyLinux 10 : vim (RLSA-2026:22711)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:22711 advisory. vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Tenable has extracted the preceding description block direct...
PT-2026-46903
All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...
CVE-2026-10044
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
EUVD-2026-33061
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
RockyLinux 9 : linux-sgx (RLSA-2026:18868)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18868 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...
PT-2026-44540
Name of the Vulnerable Software and Affected Versions ai-goofish-monitor affected versions not specified Description An unauthenticated arbitrary file read issue exists in Windows deployments. Remote attackers can read arbitrary files by supplying absolute Windows paths or backslash-based travers...
CVE-2026-40001
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...
CVE-2026-40001
Technical details about CVE-2026-40001 are not publicly available in the provided documents. The two entries describe a local privilege escalation in ZTE PROCESS Guard but do not specify impacted versions, vulnerable components, or fixes. Monitor for updates.
CVE-2026-40001
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...
PT-2026-37374
There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...
CLSA-2026-1777943581 vim: Fix of 2 CVEs
CVE-2026-35177: fix path traversal bypass in zip.vim by using simplify to detect attacks that circumvent the previous regex-only check - CVE-2026-39881: fix command injection in netbeans interface via unsanitized defineAnnoType and specialKeys parameters...
CLSA-2026-1777889241 vim: Fix of 2 CVEs
CVE-2026-35177: fix path traversal bypass in zip.vim by using simplify to detect attacks that circumvent the previous regex-only check - CVE-2026-39881: fix command injection in netbeans interface via unsanitized defineAnnoType and specialKeys parameters...
Exploit for CVE-2026-1311
CVE-2026-1311 CVE-2026-1311 Sample PHP Payload Files...
GHSA-68M5-5W2H-H837 FUXA Affected by a Path Traversal Sanitization Bypass
Summary A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences e.g., ....//, an attacker can write arbitrary files to the server filesystem, including sensitive directorie...