26423 matches found
Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang:...
esm.sh: Legacy Route Path Traversal Can Lead to RCE
Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...
CVE-2026-45225
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...
CVE-2026-45225 Heym < 0.0.21 Path Traversal File Upload via upload_file()
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...
CVE-2026-35157
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...
CVE-2026-41647
A flaw was found in Incus, a system container and virtual machine manager. An authenticated Incus user can exploit a missing error handling vulnerability by importing a truncated storage bucket backup file. This can lead to a daemon crash, resulting in a Denial of Service DoS for the Incus servic...
CVE-2026-40195
A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with access to the storage bucket feature can exploit a missing validation logic in the storage bucket import process. By providing a malicious or malformed index.yaml file that omits the configuratio...
CVE-2026-40197
A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with access to the storage volume feature can exploit a nil-pointer dereference vulnerability during custom volume import operations. By supplying a specially crafted backup archive, the user can caus...
CVE-2026-40251
A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with access to the storage volume feature can exploit missing validation logic in the storage volume import process or an out-of-bounds panic vulnerability in the backup restore subsystem. By submitti...
Security Bulletin: IBM Storage Scale System: Vulnerability in Linux kernel crypto subsystem could allow local privilege escalation (CVE-2026-31431)
Summary IBM Storage Scale Systems is affected by a security vulnerability identified in the Linux kernel's cryptographic interface CVE-2026-31431 that could allow a local user with low privileges to escalate to root privileges. The vulnerability has a CVSS score of 7.8 High and requires local...
EUVD-2026-29499
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /indexname/documents endpoint lacks proper authentication and authorization controls and does not validate the user-supplied pathorurl parameter...
EUVD-2026-29500
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...
CVE-2026-35415
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-35415
Technical details about CVE-2026-35415 are not publicly available in the provided connected documents. Monitor for updates for specifics on affected products, impact, and mitigations once they are published.
CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
EUVD-2026-29622
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
CVE-2026-31216
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...
CVE-2026-8272
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfilemgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public...
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...