EUVD-2026-39628
An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...
CVE-2026-57872 GV-LPC2011/LPC2211 - unauthorized directory traversal vulnerability (get_fcont.cgi)
An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...
CVE-2026-57872
An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...
CVE-2026-8380
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...
CVE-2025-10268
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the...
CVE-2026-54232
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability, a dependency confusion attack, allows a remote attacker to execute arbitrary code with root privileges during the Docker build process. By exploiting this, an attacker can compromise the...
CVE-2026-40083
A flaw was found in Cacti. This vulnerability, a SQL Injection, allows a remote attacker with SNMP (Simple Network Management Protocol) agent management permissions to execute arbitrary SQL commands. The flaw occurs due to unsanitized deserialization of user-controlled input in the managers.php fil...
Open Redirect
Nuxt is vulnerable to Open Redirect. The vulnerability is due to improper validation of protocol-relative URLs in the reloadNuxtApp function, where paths such as //evil.com bypass URL validation and resolve to attacker-controlled domains, allowing attackers to redirect users to malicious websites...
offensive-craft
offensive-craft 🛠️ A forge for offensive security research...
Cross Site Scripting
Nuxt is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper validation of script-capable URLs in the navigateTo open option, where javascript: URLs supplied through user-controlled input are not blocked, allowing attackers to execute arbitrary scripts in the application's...
Exploit for Path Traversal in Rarlab Winrar
Amaranth Project A multi-stage backdoor implantation attack c...
Exploit for Use After Free in Google Chrome
CVE-2026-13036 — Use-After-Free in Blink WidgetBase::UpdateS...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Nvidia Triton_Inference_Server
CVE-2026-24207 / 24206 — NVIDIA Triton Inference Server SageMa...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary: Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.12.0. Vulnerability Details: CVEID: CVE-2026-42578. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandl...
EUVD-2025-210347
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...
CVE-2025-10268
The CVE-2025-10268 entry concerns the Printcart Web to Print Product Designer for WooCommerce WordPress plugin up to version 2.4.8. The vulnerability is a path traversal flaw that allows an attacker to retrieve directory listings for arbitrary server directories. Affected component: the plugin’s ...
CVE-2025-10268 Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...
CVE-2026-8380 Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion
The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...