PT-2026-44837

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing unauthenticated local attackers to exploit Relative Path Traversal to download arbitrary system files...

PT-2026-44838

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files...

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVE-2026-43617

A flaw was found in rsync. When an rsync daemon is configured with "daemon chroot = /X" and uses hostname-based access control lists ACLs, and the chrooted directory /X lacks necessary DNS resolution files, a remote attacker can bypass hostname-based deny rules. This occurs because the daemon...

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

CVE-2026-34911

A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information...

PT-2026-42658

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description A network-based actor can exploit a Path Traversal vulnerability in UniFi OS devices. This flaw allows the attacker to access files on the underlying system, which may be manipulated to gain...

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability that stems from path traversal attacks. This vulnerability could allow malicious actors with...

Ubiquiti UniFi OS Server 安全漏洞

The Ubiquiti UniFi OS Server is a server platform developed by the Ubiquiti company, designed for managing UniFi networks and security devices. The Ubiquiti UniFi OS Server has a security vulnerability that stems from path traversal attacks. This vulnerability may allow malicious actors with...

Malicious code in search-connector-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...

MAL-2026-4650 Malicious code in pubnub-moderation-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 750918c1551873c10f69bc746538652a6adf047d6c76231a40832fff30b74938 package.json declares "preinstall": "node index.js", causing index.js to run automatically on npm install. The script collects os.hostname,...

Malicious code in moneykit-cardano-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6186e5ec8b6cea4f1cec3b4284cf09f2e317dd7d745fb5f88e15b355497d08e package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers and OS files —...

MAL-2026-4614 Malicious code in moneykit-cardano-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6186e5ec8b6cea4f1cec3b4284cf09f2e317dd7d745fb5f88e15b355497d08e package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers and OS files —...

PT-2026-42441

Honeywell Control Network Module CNM contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data...

CVE-2021-47978 ProcessMaker 3.5.4 Local File Inclusion via Path Traversal

ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requests with directory traversal sequences to access sensitive system files like /etc/passwd without...

EUVD-2026-30049

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...

CVE-2020-37219

Joomla extension com_fabrik 3.9.11 contains a directory traversal vulnerability in image.php that lets unauthenticated attackers enumerate arbitrary files. By manipulating the folder parameter in onAjax_files, attackers can use path traversal sequences to list files in system directories outside ...

Plasma Workspace 安全漏洞

Plasma Workspace is an open-source application developed by the KDE GitHub Mirror project. It serves to run various components required for a Plasma-based environment. Plasma Workspace has a security vulnerability that stems from multiple issues, which may allow an infected plasmalogin service...

Claude Code 后置链接漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 1.3834.0 contained a post-installation vulnerability. This vulnerability stemmed from the CoworkVMService component running with SYSTEM privileges and without verifying wheth...