171 matches found
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
Summary: A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...
MAL-2026-5610 Malicious code in coderzero (npm)
Source: amazon-inspector 0bd26d5ae306572deded5926f2a32dd34de72377da3363cafc4c4026b9c5a93d. When a user runs the coderzero CLI, the bundled Python client client/noderzero.py starts a clipboard monitor that polls pyperclip.paste every 300ms a...
CVE-2026-42987
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network...
CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution
...
CVE-2026-42987
The CVE-2026-42987 entry concerns a use-after-free in Windows Deployment Services (WDS) that enables an unauthenticated attacker to achieve remote code execution over the network. The associated CVSS 3.1 vector indicates network access, high impact on confidentiality, integrity, and availability...
EUVD-2026-35757
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network...
Windows Deployment Services (WDS) Remote Code Execution
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network...
PT-2026-47912
Name of the Vulnerable Software and Affected Versions: Windows Deployment Services (affected versions not specified). Description: A use after free issue in Windows Deployment Services allows an unauthorized remote attacker to execute arbitrary code over a network, potentially affecting the entire...
Microsoft Windows Deployment Services Resource Management Error Vulnerability
Microsoft Windows Deployment Services is a container for Windows deployment services, an updated and redesigned version of Remote Installation Services (RIS) provided by Microsoft Corporation. These services allow for the setup of new computers through network-based unattended installations...
CVE-2026-10044
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
PT-2026-44540
Name of the Vulnerable Software and Affected Versions: ai-goofish-monitor (affected versions not specified). Description: An unauthenticated arbitrary file read issue exists in Windows deployments. Remote attackers can read arbitrary files by supplying absolute Windows paths or backslash-based travers...
Vulnerabilities Resolved in Veeam Backup & Replication 13.0.1.2067
All vulnerabilities documented in this article were resolved in Veeam Backup & Replication 13.0.1.2067. Veeam Software Security Commitment: Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure Program...
Improper Encoding or Escaping of Output
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the script generation process in Windows deployments due to improper handling of command-line arguments in gateway.cmd. An attacker can execute...
CVE-2025-40540
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
CVE-2025-40538
A broken access control vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...
CVE-2025-40541
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which, when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...