53 matches found
pretix security vulnerability
Pretix is a ticketing system developed by the German company Pretix. There is a security vulnerability in Pretix. This vulnerability stems from an API endpoint that does not verify whether the UUID used for downloading corresponds to the file that should be downloaded and whether it belongs to th...
CVE-2026-34985
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, while the frontend of the media module filters files that the user should not have access to, the...
nodejs: Nodejs file permissions bypass
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
UNIX Symbolic Link (Symlink) Following
Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink)...
CVE-2018-18406
An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...
CVE-2018-4468
This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files...
EUVD-2002-0272
Malware in sbrugna...
EUVD-2020-30747
Malware in sbrugna...
EUVD-2018-16254
Malware in sbrugna...
EUVD-2020-26500
Malware in sbrugna...
EUVD-2020-2471
Malware in sbrugna...
EUVD-2018-0399
Malware in sbrugna...
EUVD-2025-4861
Malicious code in bioql PyPI...
PT-2025-39358
Name of the Vulnerable Software and Affected Versions: Yordam Katalog versions prior to 21.7. Description: The software contains a path traversal flaw. An attacker can potentially exploit this by crafting a malicious path, such as 'dir/../../filename', to access unauthorized files and directories...
PT-2025-25642
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 versions 1.3.8.9 and earlier. Description: The issue is related to insufficient file type validation, allowing unauthenticated attackers to bypass the plugin's blacklist and upload dangerous...
CVE-2022-22583
A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files...
CVE-2020-9968
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files...
CVE-2020-3835
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.3. A malicious application may be able to access restricted files...
PT-2025-15705 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 9.13.8. Description: The issue affects DNN, an open-source web content management platform in the Microsoft ecosystem. In certain configurations, registered users may be able to craft a request to...
CVE-2025-2713
CVE-2025-2713: Google gVisor's runsc component has a local privilege escalation vulnerability caused by incorrect handling of file access permissions. The issue arises because the process initially runs with root-like permissions until the first fork, allowing unprivileged users to access restri...