225 matches found
CVE-2026-26960
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...
UBUNTU-CVE-2026-26960
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...
CVE-2026-26960
CVE-2026-26960 affects node-tar (Node.js tar handling). In versions 7.5.7 and earlier, a crafted archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary read/write by the extracting user. Root cause: using default options...
CVE-2026-24900
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...
MarkUs 安全漏洞
MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Version 2.9.1 of MarkUs contained a security vulnerability caused by improperly limited parameter ranges, which could allow access to arbitrary submission file contents...
CVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...
CVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol MCP server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10...
CVE-2025-70997
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level...
JinJava Bypass through ForTag leads to Arbitrary Java Execution
Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...
EUVD-2026-4142
Copier safe template has arbitrary filesystem read access via symlinks when preservesymlinks: false...
CVE-2018-18771
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...
PT-2025-52263
Name of the Vulnerable Software and Affected Versions Vega affected versions not specified Description The software contains a flaw due to inadequate input validation within the convert function when safeMode is active and the spec variable is an array. This allows an attacker to create a special...
EUVD-2025-38316
KubeVirt Vulnerable to Arbitrary Host File Read and Write...
Path Traversal
esm.sh is vulnerable to Path Traversal. The vulnerability is due to improper validation of the X-Zone-Id HTTP header when constructing filesystem paths, which allows an attacker to use ../ sequences to write files outside the intended storage directory and access arbitrary locations on the system...
GHSA-J44M-5V8F-GC9C Flowise is vulnerable to arbitrary file exposure through its ReadFileTool
Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...
EUVD-2019-15328
Malware in sbrugna...
EUVD-2019-7376
Malware in sbrugna...
EUVD-2005-2174
Malware in sbrugna...
EUVD-2018-7535
Malware in sbrugna...
EUVD-2010-2454
Malware in sbrugna...