16 matches found

Vulnrichment
added 2026/05/13 5:44 a.m., 4 views

CVE-2026-44612

Bytello Share Windows Edition installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

CVSS 8.4, AI score 7.3, EPSS 0.00015
Exploits 0, References 2
CVE
added 2026/05/11 12:0 a.m., 19 views

CVE-2026-31249

CosyVoice contains an insecure deserialization vulnerability (CWE-502) in its data processing tool make_parquet_list.py. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) with torch.load() without enabling weights_only=True, allowing the deserialization ...

CVSS 7.3, AI score 6.1, EPSS 0.00047
Exploits 0, References 2
Cvelist
added 2026/05/09 9:47 p.m., 28 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

CVSS 6.5, EPSS 0.00008
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-18654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain...

CVSS 7.8, AI score 7.3, EPSS 0.00028
Exploits 0, References 2
IBM Security Bulletins
added 2025/09/05 3:36 p.m., 6 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by a remote attack to the root directory which results in a Denial of Service (DoS) condition

Summary IBM Engineering Lifecycle Management could allow an unauthenticated remote attacker to update server configuration files which would allow them to perform unauthorized actions, subsequently leading to a Denial of Service condition. The associated CVE is addressed. Vulnerability Details...

CVSS 9.8, AI score 6.8, EPSS 0.00101
Exploits 0, Affected Software 8
BDU FSTEC
added 2025/03/01 12:0 a.m., 1 views

The vulnerability of TP-Link Archer c20 router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.

The vulnerability of TP-Link Archer c20 router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by adding the parameter “Referer: http://tplinkwifi.net” to the...

CVSS 10, AI score 8, EPSS 0.34604
Exploits 1, References 2
Prion
added 2024/03/14 4:15 a.m., 15 views

Path traversal

An improper Limitation of a Pathname to a Restricted Directory Path Traversal vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system...

AI score 7.4, EPSS 0.00224
Exploits 0, References 1
NVD
added 2023/02/28 6:15 p.m., 22 views

CVE-2022-41722

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...

CVSS 7.5, AI score 8.2, EPSS 0.00452
Exploits 0, References 4
Rapid7 Blog
added 2023/01/30 2:0 p.m., 73 views

Metasploit Framework 6.3 Released

The Metasploit team is pleased to announce the release of Metasploit Framework 6.3, which adds native support for Kerberos authentication, incorporates new modules to conduct a wide range of Active Directory attacks, and simplifies complex workflows to support faster and more intuitive security...

CVSS 9, AI score 1.6, EPSS 0.91596
Exploits 8
OSV
added 2022/06/14 9:15 p.m., 2 views

DEBIAN-CVE-2022-29241

Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of rootdir that contains the starting user's home directory, then the underlying REST API ca...

CVSS 8.8, AI score 7.7, EPSS 0.00268
Exploits 0, References 1
CNVD
added 2022/01/07 12:0 a.m., 20 views

Huawei HarmonyOS Path Traversal Vulnerability (CNVD-2022-04708)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which stems from a component of HarmonyOS that is not sufficiently strict with respect to uri checksums. An...

CVSS 7.5, AI score 3.4, EPSS 0.002
Exploits 0, References 1
Kitploit
added 2020/05/10 9:30 p.m., 146 views

PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! Every section contains the following files, you can use the templatevuln folder to create a new chapter: README.md - vulnerability description and how to exploit it Intrud...

AI score 7.3
Exploits 0, References 23
OSV
added 2017/04/13 2:59 p.m., 1 views

DEBIAN-CVE-2016-10117

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc...

CVSS 7.8, AI score 7.5, EPSS 0.00042
Exploits 0, References 1
Cvelist
added 2012/09/06 10:0 a.m., 14 views

CVE-2010-5198

Multiple untrusted search path vulnerabilities in Intuit QuickBooks 2010 allow local users to gain privileges via a Trojan horse (1) dbicudtx11.dll, (2) mfc90enu.dll, or (3) mfc90loc.dll file in the current working directory, as demonstrated by a directory that contains a .des, .qbo, or .qpg file. NOTE...

AI score 6.7, EPSS 0.00057
Exploits 0, References 2
securityvulns
added 2007/03/07 12:0 a.m., 96 views

Microsoft Windows Vista/2003/XP/2000 file management security issues

Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially another vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...

CVSS 4.6, AI score 5.9, EPSS 0.00374
Exploits 1
exploitpack
added 2004/03/12 12:0 a.m., 16 views

Emumail EMU Webmail 5.2.7 - nit.emu Information Disclosure

Emumail EMU Webmail 5.2.7 - nit.emu Information Disclosure source: https://www.securityfocus.com/bid/9861/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory...

AI score 7.2
Exploits 0