137 matches found
CVE-2026-23537
A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...
CVE-2026-49049
The CVE-2026-49049 entry concerns the Helix3 Joomla extension by joomshaper. The vulnerability arises from an exposed ajax handler task within Helix3 that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters. This indicates a remot...
CVE-2026-45728
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...
CVE-2026-6832
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...
melange 路径遍历漏洞
Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.32.0 to 0.43.4 had a path traversal vulnerability. This vulnerability stemmed from insufficient validation of the arch and pkgname parameters, allowing attackers to write arbitrary JSON...
EUVD-2026-24517
Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...
CVE-2026-40318 SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. An attacker can inject path traversal...
EUVD-2025-209230
Memory corruption when decoding corrupted satellite data files with invalid signature offsets...
CVE-2025-47392
Memory corruption when decoding corrupted satellite data files with invalid signature offsets...
CVE-2026-34524
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read...
UNIX Symbolic Link (Symlink) Following
Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the handling of external data files when symbolic links are present. An attacker can access arbitrary files on the host system by crafting a symlink th...
Red Hat OpenShift AI 安全漏洞
Red Hat OpenShift AI is an AI lifecycle management platform developed by Red Hat Inc. There is a security vulnerability in Red Hat OpenShift AI, which stems from improper endpoint access control at the /save-document endpoint. This vulnerability could allow unverified remote attackers to write...
GHSA-QM7R-WWQ7-6F85 Statamic has a path traversal in file dictionary fieldtype
Impact Authenticated Control Panel users could read arbitrary .json, .yaml, and .csv files from the server by manipulating the file dictionary's filename configuration parameter in the fieldtype's endpoint. Patches This has been fixed in 5.73.14 and 6.7.0...
Digilent DASYLab 安全漏洞
Digilent DASYLab is a graphical data acquisition and application development platform developed by Digilent, Inc. There is a security vulnerability in Digilent DASYLab, which stems from out-of-bound writing when loading corrupted DSB files. This vulnerability may lead to information leakage or th...
Linux Distros Unpatched Vulnerability : CVE-2026-27810
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection...
UBUNTU-CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
CVE-2026-27810 calibre Vulnerable to HTTP Response Header Injection
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
EUVD-2026-9056
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...