4703 matches found
1Panel SQL Injection - Authenticated
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...
CVE-2026-58426
The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...
CVE-2026-55700
A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...
CVE-2026-14340
GitHub Enterprise Server (GitHub ES) suffers an incorrect authorization vulnerability (CVE-2026-14340) where a user-to-server token scoped to a GitHub App installation could perform write operations on public repositories outside the token’s scope. The root cause is an authorization check that on...
CVE-2026-6685
FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in fread / fwrite fp-sect - sect cc during interleaved read/write on fragmented filesystems. This maps to CWE-191 Integer Underflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 6.1...
CVE-2026-57517
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...
CVE-2026-8387
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
CVE-2026-53906
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...
EUVD-2026-40957
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
CVE-2026-8387
CVE-2026-8387 : A vulnerability in allegroai/clearml up to version 1.16.5 permits relative path traversal when extracting ZIP archives via ZipFile.extractall() in StorageManager._extract_to_cache(). The missing path validation allows an attacker to write arbitrary files to the filesystem, with at...
kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...
PT-2026-54931
Name of the Vulnerable Software and Affected Versions allegroai/clearml versions prior to 2.1.6 Description Relative path traversal occurs during the extraction of .zip archives via the ZipFile.extractall method within the StorageManager. extract to cache function. This is caused by a lack of pat...
CVE-2026-58173
Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...
EUVD-2026-40354
Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...
PT-2026-53924
Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description A path traversal issue exists in the remember tool, allowing attackers to write arbitrary Markdown files to unintended locations on the filesystem. This is achieved by supplying a malicious...
CVE-2026-57953
The vulnerability affects Mythic prior to version 3.4.0.60 and is due to an authorization bypass that allows authenticated spectator-role users to perform unauthorized write operations via the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Exploitation...
EUVD-2026-40122
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...
CVE-2026-49049 Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...
PYSEC-2026-411 Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion
Summary A Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...
PYSEC-2026-385 Remote code execution in pytorch lightning
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...