CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

EUVD-2026-5044

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0963

The CVE-2026-0963 entry concerns Crafty Controller's File Operations API Endpoint, where an input neutralization flaw allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. The vulnerability affects the File Operations API Endpoint componen...

CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-1551

A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

Rockwell Automation ArmorStart LT Denial of Service Vulnerability (CNVD-2026-10849)

Rockwell Automation ArmorStart LT is a distributed motor controller from Rockwell Automation. A denial of service vulnerability exists in the Rockwell Automation ArmorStart LT, which originates from an unexpected device reboot during the execution of the Achilles Comprehensive limited storm test,...

PT-2026-5381

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization issue exists in the File Operations API Endpoint component of Crafty Controller. A remote, authenticated attacker can exploit this to perform file tampering...

PT-2026-5389

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys versions 12.0 through 14.1 Johnson Controls Metasys Application and Data Server ADS versions 14.1 and prior Johnson Controls Metasys Extended Application and Data Server ADX version 14.1 Johnson Controls Metasys System...

Crafty Controller path traversal vulnerability

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. Crafty Controller has a path traversal vulnerability, which stems from an input validation issue in the Backup Configuration component. This vulnerability could allow authenticated remote attackers to manipulate files and...

Crafty Controller path traversal vulnerability

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. Crafty Controller has a path traversal vulnerability, which stems from an input validation flaw in the File Operations API Endpoint component. This vulnerability could allow authenticated remote attackers to manipulate...

PT-2026-5380

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization weakness exists in the Backup Configuration component of Crafty Controller. A remote, authenticated attacker can exploit this to tamper with files and execut...

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

EUVD-2026-4942

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

EUVD-2026-4900

Juju has broken CMR authorization...

CVE-2026-1586 Open5GS SGWC s11-handler.c ogs_gtp2_f_teid_to_ip denial of service

A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogsgtp2fteidtoip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is...

ITSsourcecode School Management System SQL Injection Vulnerability

itsourcecode School Management System is an open-source school management system developed by itsourcecode. Version 1.0 of itsourcecode School Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameter IDs in the file...

CVE-2026-1551

A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

CVE-2026-1551 itsourcecode School Management System controller.php sql injection

A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...

CVE-2026-1551 itsourcecode School Management System controller.php sql injection

A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...