562 matches found
CVE-2026-26960
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting use...
PT-2026-20374
Name of the Vulnerable Software and Affected Versions node-tar versions 7.5.7 and below node-tar version 7.5.8 Description The node-tar package contains a flaw where an attacker-controlled archive, when extracted using default options, can create a hardlink inside the extraction directory that...
Exploit for CVE-2026-1862
CVE-2026-1862 Disclaimer This software has been created pu...
CVE-2026-23633 Gogs has arbitrary file read/write via path traversal in Git hook editing
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...
Exploit for Out-of-bounds Write in Google Chrome
CVE-2025-5419 An uninitialized read vulnerability by incorrec...
EUVD-2020-30877
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the...
MiracleLinux 8 : glibc-2.28-164.el8 (AXSA:2021-2585:08)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2585:08 advisory. glibc: Arbitrary read in wordexp CVE-2021-35942 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c CVE-2021-27645 glibc: mqnotify...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
CVE-2021-33217
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root...
CVE-2021-22712
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF Configuration Group File file i...
CVE-2021-22711
A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when malicious CGF Configuration Group File file i...
SUSE CVE-2025-13639
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
CVE-2025-13639
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
CVE-2025-13639
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
CVE-2025-13639
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
PT-2025-48764
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 143.0.7499.41 Description An improper implementation in WebRTC within Google Chrome could allow a remote attacker to perform arbitrary read/write operations through a specially crafted HTML page. The security...
CVE-2025-63889
The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value...
CVE-2025-11207
Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...
EUVD-2025-50802
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
EUVD-2025-50779
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...