322 matches found
CVE-2026-32713
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...
CVE-2026-32713 PX4 Autopilot MAVLink FTP Session Validation Logic Error Allows Operations on Invalid File Descriptors
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...
Adobe Commerce 代码问题漏洞
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a server-side request forgery vulnerability that can be exploited by an attacker to read arbitrary file systems...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005513)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005513 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqisyncwork before freeing oinfo ocfs2globalreadinfo will initialize and schedule...
Exploit for CVE-2026-2636
CVE-2026-2636: CLFS.sys Unrecoverable State Leading to BSoD !...
CVE-2026-27967
Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...
CVE-2026-27967 Symlink Escape in Agent File Tools
Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...
CVE-2026-27967
CVE-2026-27967 affects Zed code editor before 0.225.9. A symlink escape in Agent file tools (read_file, edit_file) lets reading/writing files outside the project directory when a project contains external symlinks, bypassing workspace boundaries and privacy protections (file_scan_exclusions, priv...
CVE-2026-27967
Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...
CVE-2026-27967 Symlink Escape in Agent File Tools
Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools readfile, editfile. It allows reading and writing files outside the project directory when a project contains symbolic links pointing to external paths. This bypasses the intended workspace...
CVE-2026-23739
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal
File Read Interface Case Bypass Vulnerability Vulnerability Name File Read Interface Case Bypass Vulnerability Overview The /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can...
CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values
gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...
Multiple Vulnerabilities in Node.js (Wednesday, May 14, 2025 Security Releases). Nessus Plugin ID 236766
In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...
OESA-2026-1215 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...
Exploit for CVE-2026-22812
README.md OpenCode CVE-2026-22812 Exploiter Simple Python tool...
CVE-2025-68705
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/readfilestream endpoint. This issue has been patched in version 1.0.0-alpha.79...
CVE-2017-20212 FLIR Thermal Camera F/FC/PT/D 8.0.0.64 Information Disclosure via File Reading
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile function to access...
CVE-2025-68705
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/readfilestream endpoint. This issue has been patched in version 1.0.0-alpha.79...
CVE-2025-68705 RustFS Path Traversal Vulnerability
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/readfilestream endpoint. This issue has been patched in version 1.0.0-alpha.79...