CVE-2026-9101

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

Prototype pollution in csv parsing

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

PT-2026-42201

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

MongoDB Compass 安全漏洞

MongoDB Compass is a free interactive tool provided by the American company MongoDB. It is used for querying, optimizing, and analyzing MongoDB data. There is a security vulnerability in MongoDB Compass, which stems from prototype pollution. This vulnerability may allow certain users to access...

CVE-2026-3780

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

CVE-2026-3780 Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

Wazuh 代码注入漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. There is a code injection vulnerability in versions 2.1.0 before 4.8.0 of Wazuh Agent an...

EUVD-2026-1467

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

EUVD-2019-13701

Malware in sbrugna...

EUVD-2004-2125

Malware in sbrugna...

EUVD-2024-3267

Malicious code in bioql PyPI...

EUVD-2022-42444

Malicious code in bioql PyPI...

GHSA-GGJM-F3G4-RWMM n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

CVE-2024-51756

The cap-std project is organized around the eponymous cap-std crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however i...

CVE-2010-5246

Multiple untrusted search path vulnerabilities in Maxthon Browser 1.6.7.35 and 2.5.15 allow local users to gain privileges via a Trojan horse 1 RSRC32.dll or 2 dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .html file. NOTE: the provenance of this...

CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

Linux Distros Unpatched Vulnerability : CVE-2015-3409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working...

PT-2024-34887 · Cap-Std +1 · Cap-Std +2

Name of the Vulnerable Software and Affected Versions: cap-std versions prior to 3.4.1 cap-primitives versions prior to 3.4.1 cap-async-std versions prior to 3.4.1 Description: The cap-std project's filesystem sandbox implementation on Windows has a flaw that allows untrusted filesystem paths to...

Node.js: insecure loading of ICU data through ICU_DATA environment variable

An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...