CVE-2026-44329

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

GHSA-3258-QMV8-FRP3 free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers

Summary free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and the requests reach the SMF business handlers. In the running Docker lab...

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

CVE-2026-39981 AGiXT has a Path Traversal in safe_join()

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

CVE-2026-32709

The CVE describes an unauthenticated path traversal in PX4 Autopilot MAVLink FTP that allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem. On NuttX targets, attacker-supplied paths bypass sanitization due to an empty FTP root, whi...

CVE-2026-28676

OpenSift (before version 1.6.3-alpha) has a path-construction defect in multiple storage helpers that failed to consistently enforce base-directory containment for file read/write/delete operations, creating a path-injection risk. CVSS 3.1 base score 8.8 (HIGH) with network attack vector, low att...

EUVD-2026-9987

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

Microhard Systems IPn4G 安全漏洞

Microhard Systems IPn4G is a cellular wireless gateway from Microhard Canada. A security vulnerability exists in Microhard Systems IPn4G version 1.1.0, which stems from an uncleared parameter in the system-editor.sh script that could allow arbitrary files to be read, modified, or deleted...

SAP Business Connector Path Traversal Vulnerability

SAP Business Connector is a middleware from SAP, Germany. SAP Business Connector suffers from a path traversal vulnerability that can be exploited by an attacker to traverse directories on the system to read, write, overwrite, and delete arbitrary files on the host system...

CVE-2025-61934

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

CVE-2025-61934

CVE-2025-61934 affects AutomationDirect Productivity Suite, version v4.4.1.19 . A vulnerability described as a binding to an unrestricted IP address allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and fold...

Kamaji 安全漏洞

Kamaji is a Kubernetes control plane manager open-sourced by Clastix Labs. A security vulnerability exists in Kamaji version 1.0.0 and earlier. An attacker exploited the vulnerability to cause certain TCP API servers to be able to read, write, and delete data...

PT-2024-29977 · Etcd +2 · Etcd +2

Name of the Vulnerable Software and Affected Versions: Kamaji versions 1.0.0 and earlier Description: The issue arises from Kamaji using an "open at the top" range definition in RBAC for etcd roles, allowing some TCPs API servers to read, write, and delete the data of other control planes. This c...

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

Cisco Identity Services Engine 安全漏洞

Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. Cisco Identity Services Engine suffers from an...

CVE-2022-30264

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol 4000/TCP, 5000/TCP for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the...

Slyther - AWS Security Tool

Slyther is AWS Security tool to check read/write/delete access for S3 buckets Requirements aws-cli Installation pip3 install -r requirements.txt Usage example python3 slyther.py -b flaws.cloud Release History 0.0.3 Added option to check if aws-cli is installed or not 0.0.2 Added option to check...

CVE-2019-2424

Vulnerability in the Oracle Retail Convenience Store Back Office component of Oracle Retail Applications subcomponent: Level 3 Maintenance Functions. The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

SAP Point of Sale Xpress Server Access Authentication Vulnerability

SAP Point of Sale POS is a sales management system from SAP, Germany, of which Xpress Server is an Xpress server. A security vulnerability exists in Xpress Server in SAP POS, which stems from the program failing to require authentication. An attacker could exploit the vulnerability to...