44980 matches found
EUVD-2026-43554
FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...
EUVD-2026-43543
AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
CVE-2026-49970
Vulnerability summary: Laravel-Mediable before 7.0.0 contains a path traversal flaw in File::sanitizePath() that lets attackers write uploaded files to arbitrary locations via MediaUploader::toDestination(), due to a permissive regex allowing dot/slash and a weak trailing trim. This can enable re...
CVE-2026-22097
The firmware update mechanism does not include cryptographic signature validation. This allows anyone with access to the firmware update capability to upload arbitrary files which can then lead to arbitrary code execution...
CVE-2026-22097
The CVE-2026-22097 entry describes a vulnerability where the firmware update mechanism does not perform cryptographic signature validation, allowing an attacker with access to the firmware update capability to upload arbitrary files that can lead to arbitrary code execution. The issue is document...
CVE-2026-22102
CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...
CVE-2026-22102 Arbitrary file overwrite through certificate update functionality
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...
CVE-2026-57815
CVE-2026-57815 documents a path traversal vulnerability in the WordPress plugin Forminator (WPMU DEV Your All-in-One WordPress Platform Forminator) affecting version range up to and including 1.55.0.2. The issue is described as Improper Limitation of a Pathname to a Restricted Directory, enabling...
CVE-2026-57815 WordPress Forminator plugin <= 1.55.0.2 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows Path Traversal.This issue affects Forminator: from n/a through = 1.55.0.2...
CVE-2026-57710 WordPress WoowBot Pro Max plugin <= 14.1.7 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in quantumcloud WoowBot Pro Max woowbot-pro-max allows Using Malicious Files.This issue affects WoowBot Pro Max: from n/a through = 14.1.7...
CVE-2026-57401 WordPress SureDash plugin <= 1.8.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through = 1.8.0...
CVE-2026-57719 WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in CodeRevolution Aimogen Pro aimogen-pro allows Using Malicious Files.This issue affects Aimogen Pro: from n/a through = 2.8.3...
CVE-2026-57709
CVE-2026-57709 affects the WordPress plugin WP Swings Membership For WooCommerce (Membership For WooCommerce) up to version 3.1.0. The issue is a path traversal vulnerability caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file deletion. CVSS v3.1 base sc...
CVE-2026-57719
CVE-2026-57719 affects the WordPress plugin Aimogen Pro (versions up to and including 2.8.3). The vulnerability is described as Unrestricted Upload of File with Dangerous Type (Arbitrary File Upload) in Aimogen Pro, allowing attackers to upload malicious files. The CVSS v3.1 metrics indicate a ba...
CVE-2026-57710
Summary: The WordPress plugin WoowBot Pro Max (woowbot-pro-max) up to version 14.1.7 is affected by an Unrestricted/Arbitrary File Upload vulnerability. The issue allows uploading dangerous files, classified as a Critical risk (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The affected line is...
CVE-2026-57389
CVE-2026-57389 affects Groundhogg WordPress plugin versions up to 4.4.1. The issue is described as an improper limitation of a pathname to a restricted directory (path traversal) that allows arbitrary file deletion. NVD/Patchstack entries indicate a High severity (CVSS 3.1 base score 8.6) with ne...
CVE-2026-57389 WordPress Groundhogg plugin <= 4.4.1 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through = 4.4.1...
CVE-2026-15540
CVE-2026-15540 affects SourceCodester Online Book Store System 1.0. The Administrative Interface file /admin/index.php contains a vulnerability where manipulating the page parameter leads to improper control of the filename used in include/require statements in PHP, i.e., a local file inclusion. ...
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. id: CVE-2020-29453 info: name: Jira Server Pre-Auth - Arbitrary File...
Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload
Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files, exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...