28654 matches found
4ga Boards 安全漏洞
4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained security vulnerabilities. These vulnerabilities stemmed from timing side channels in the login endpoint, which could lead to user enumeration...
PT-2026-37123
Name of the Vulnerable Software and Affected Versions Kimai versions prior to 2.54.0 Description Team API endpoints in the TeamController.php file use the IsGranted'edit team' attribute instead of IsGranted'edit','team'. This causes the Symfony TeamVoter to abstain from voting, which removes...
EUVD-2026-25301
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
EUVD-2026-25302
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6941
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
CVE-2026-6941 radare2 < 6.1.4 Project Notes Path Traversal via Symlink
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
CVE-2026-6941
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
CVE-2026-6941
Summary: CVE-2026-6941 affects radare2 prior to 6.1.4 and is a local path traversal in project notes handling. A crafted .zrp archive containing a symlinked notes.txt can bypass directory confinement checks, causing note operations to follow the symlink and read or write files outside the configu...
CVE-2026-6941
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
CVE-2026-6941
radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...
CVE-2026-6940 radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
CVE-2026-6940 : radare2 versions before 6.1.4 contain a path traversal vulnerability in the project deletion feature. A local attacker can supply absolute paths that escape the dir.projects root to recursively delete arbitrary directories, by targeting project marker files outside the project sto...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940 radare2 < 6.1.4 Project Deletion Path Traversal Directory Deletion
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
CVE-2026-6940
radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find a...
CVE-2025-59582
creationtimestamp| type| source ---|---|--- 2026-04-23 10:01:52+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-59582.yaml 2026-04-24 21:02:34+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3mkbgeonn2v2i...
Radare2 路径遍历漏洞
Radare2 is an open-source reverse framework for Unix-based geeks, developed by Radare. Versions of radare2 prior to 6.1.4 contained a path traversal vulnerability. This vulnerability stemmed from path traversal during project deletion, allowing local attackers to recursively delete any directory ...