Lucene search

397 matches found

EUVD
added 2026/02/24 2:31 a.m., 8 views

EUVD-2026-7405

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files during installation by placing a malicious DLL in advance in the same directory as the installer...

6.7 CVSS, 5.6 AI score, 0.00145 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/02/24 2:31 a.m., 4 views

CVE-2026-3091

An uncontrolled search path element vulnerability in Synology Presto Client before 2.1.3-0672 allows local users to read or write arbitrary files and conduct denial-of-service during installation by placing a malicious DLL in advance in the same directory as the installer...

6.7 CVSS, 5.9 AI score, 0.00145 EPSS
Exploits 0, References 1

CNNVD
added 2026/02/24 12:0 a.m., 6 views

Synology Presto Client Code Issue Vulnerability

Synology Presto Client is a high-speed transfer tool developed by the Chinese company Synology. Versions of Synology Presto Client prior to 2.1.3-0672 contained a code vulnerability. This vulnerability stemmed from uncontrolled search path elements during the installation process, which could all...

7.1 CVSS, 6 AI score, 0.00145 EPSS
Exploits 0, References 1

Malwarebytes
added 2026/02/23 9:10 p.m., 7 views

OpenClaw: What is it and can you use it safely?

An AI tool with a funny name has caused quite a commotion as of late—including some allegations of machine consciousness—so here is a breakdown on OpenClaw. Launched in November 2025, OpenClaw is an open-source, autonomous artificial intelligence (AI) agent that was made to run locally on your own...

5.8 AI score
Exploits 0

RedhatCVE
added 2026/02/22 1:28 a.m., 4 views

CVE-2019-25431

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...

8.8 CVSS, 6 AI score, 0.00262 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/02/21 1:28 a.m., 6 views

CVE-2026-26975

Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass...

8.8 CVSS, 6.4 AI score, 0.01447 EPSS
Exploits 1, References 1

CVE
added 2026/02/20 12:49 a.m., 21 views

CVE-2026-26975

Music Assistant (open-source media library manager) versions 2.6.3 and earlier are affected by an unauthenticated, network-adjacent vulnerability enabling Remote Code Execution. The flaw arises from the music/playlists/update API, which can bypass .m3u extension enforcement and write files anywhe...

8.8 CVSS, 6.5 AI score, 0.01447 EPSS
Exploits 1, References 3, Affected Software 1

Veracode
added 2026/02/11 10:14 a.m., 6 views

Path Traversal

Signal K Server is vulnerable to a path traversal. The vulnerability is due to the validateAppId function blocking forward slashes (/) but not backslashes (\), which are treated as directory separators on Windows, allowing an authenticated attacker to escape the intended applicationData directory and...

5 CVSS, 5.7 AI score, 0.00384 EPSS
Exploits 1, References 3, Affected Software 1

CVE
added 2026/02/06 5:46 p.m., 11 views

CVE-2026-23633

Gogs (pre-0.13.4 and pre-0.14.0+dev) contains a path-traversal flaw in the Git hook editing endpoint that allows arbitrary file read/write via the :name parameter in /username/reponame/settings/hooks/git/:name. The vulnerability arises from URL-decoding the parameter and using it to build file pa...

6.5 CVSS, 5.4 AI score, 0.00456 EPSS
Exploits 1, References 1, Affected Software 1

CNNVD
added 2026/02/06 12:0 a.m., 6 views

Gogs Path Traversal Vulnerability

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions prior to 0.13.3 have a path traversal vulnerability; this...

6.5 CVSS, 5.9 AI score, 0.00456 EPSS
Exploits 1, References 1

Snyk
added 2026/02/04 6:25 p.m., 3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: n8n-core is the core functionality of n8n. Affected versions of this package are vulnerable to a Time-of-check Time-of-use (TOCTOU) Race Condition via improper file access controls in the workflow creation or modification process. An attacker can modify sensitive host system files, including...

9.9 CVSS, 5.6 AI score, 0.00306 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/02/04 4:47 p.m., 12 views

CVE-2026-25056

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4 CVSS, 6.2 AI score, 0.00664 EPSS
Exploits 0, References 2, Affected Software 1

EUVD
added 2026/02/04 4:47 p.m., 8 views

EUVD-2026-5415

n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remo...

9.4 CVSS, 6.2 AI score, 0.00664 EPSS
Exploits 0, References 1

Cvelist
added 2026/02/03 3:50 a.m., 28 views

CVE-2026-24936 An improper input validation vulnerability was found in ADM while joining an AD Domain.

When a specific function is enabled while joining an AD Domain from ADM, an improper input parameter validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

9.5 CVSS, 0.00779 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/02/02 11:2 p.m., 4 views

CVE-2026-25228

Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files and directories on the filesystem. The...

5 CVSS, 5.6 AI score, 0.00384 EPSS
Exploits 1, References 3, Affected Software 1

Snyk
added 2026/01/22 8:26 p.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to using an image with a metadata.yaml containing templates. An attacker can read or overwrite arbitrary files on the host system, potentially leading to execution of arbitrary commands with elevated privileges, ...

8.7 CVSS, 6.3 AI score, 0.00731 EPSS
Exploits 1, References 2

Vulnrichment
added 2026/01/21 10:36 p.m., 5 views

CVE-2026-24046 Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files vi...

7.1 CVSS, 5.8 AI score, 0.00391 EPSS
Exploits 0, References 2

OSV
added 2026/01/21 10:36 p.m., 7 views

CVE-2026-24046 Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files vi...

7.1 CVSS, 5.9 AI score, 0.00391 EPSS
Exploits 0, References 4

RedhatCVE
added 2026/01/16 2:23 p.m., 4 views

CVE-2026-22914

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...

6.5 CVSS, 6.9 AI score, 0.00284 EPSS
Exploits 0, References 1

NVD
added 2026/01/15 1:16 p.m., 6 views

CVE-2026-22914

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...

6.5 CVSS, 0.00284 EPSS
Exploits 0, References 6