2510 matches found
gryph 安全漏洞
Gryph is an AI-based coding proxy activity auditing and debugging tool developed by SafeDep. Versions of Gryph prior to 0.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the default log level being set to standard rather than minimum. As a result, sensitive file write...
Directory Traversal
Overview org.xwiki.platform:xwiki-platform-webjars-api is a XWiki Platform WebJars API. Affected versions of this package are vulnerable to Directory Traversal via the process that handles WebJar extension installation. An attacker can overwrite arbitrary files, including configuration files and...
CVE-2026-41917
OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...
CVE-2026-41917 OpenKM 6.3.12 Local File Inclusion via Admin Scripting
OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...
EUVD-2026-31833
OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...
EUVD-2018-21897
Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...
CVE-2018-25365 PCViewer vt1000 Directory Traversal via GET Request
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...
EUVD-2026-31387
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information...
Malicious code in configcat-trello-powerup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5365489bc7a763096bf4be47f80bd47e4513917d8b37ba2754e33ae11983872b package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host identifiers os.hostname,...
MAL-2026-4535 Malicious code in configcat-trello-powerup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5365489bc7a763096bf4be47f80bd47e4513917d8b37ba2754e33ae11983872b package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host identifiers os.hostname,...
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 CVSS score: 5.5, is a case of improper privilege management that could permit an unprivileged local user to disclose...
F5 Networks BIG-IP : iControl SOAP vulnerability (K000160973)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160973 advisory. A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrato...
CVE-2026-35593
Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...
kernel: crypto: algif_aead - Revert to operating out-of-place
A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...
Directory Traversal
Overview pymdown-extensions is an Extension pack for Python Markdown. Affected versions of this package are vulnerable to Directory Traversal in the getsnippetpath function. An attacker can access arbitrary files outside the intended directory by crafting a path that exploits improper directory...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to improper path validation in the repository checkout process. An attacker can modify files outside the intended target directory, including .git directories, by supplying a maliciously crafted repository payloa...
kernel: crypto: algif_aead - Revert to operating out-of-place
A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...
Malicious code in vfat-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 98a606c66789ae1326b7e1802465d1650ef2c691821578936448f403ec421bb0 The package exfiltrates sensitive files and env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2026-4163 Malicious code in vfat-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 98a606c66789ae1326b7e1802465d1650ef2c691821578936448f403ec421bb0 The package exfiltrates sensitive files and env variables --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
PT-2026-42024
Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...