CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

CVE-2026-45287

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1 leaks one file descriptor on each successful ParseFile call. ParseFile opens the schema file and passes it to Parse without closing it...

CVE-2025-12793

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ' Security Update for MyASUS' section on the ASUS...

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

CMSimple_XH 安全漏洞

CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not cleaning or coding path segments under the control of an attacker, no details of the...

GO-2023-1713 Path traversal in github.com/sjqzhang/go-fastdfs

An attacker can craft a remote request to upload a file to "/group1/upload" that uses path traversal to instead write the file contents to an attacker controlled path on the server...

CVE-2022-35868

A vulnerability has been identified in TIA Multiuser Server V14 All versions, TIA Multiuser Server V15 All versions V15.1 Update 8, TIA Project-Server All versions V1.1, TIA Project-Server V16 All versions, TIA Project-Server V17 All versions V17 Update 6. Affected applications contain an untrust...

CVE-2017-6325

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an...