CVE-2026-7702 toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

EUVD-2026-26152

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

EUVD-2023-44287

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclose...

About Java getSoundBank function stack overflow vulnerability-vulnerability warning-the black bar safety net

:: Vulnerability principles Specifically, the error function is a Java Native method for Java. com. sun. media. sound. HeadspaceSoundbank. nOpenResource it. The function in the copy document path did not check string size and directly to the copy, and ultimately lead to a stack overflow: // $$kk:...

Ultraseek special DOS device access

Document path can contain special device name...