2858 matches found
Joomla! Component Love Factory 1.3.4 - Local File Inclusion
A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...
CVE-2026-15524
A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...
CVE-2026-15524 alioshr memory-bank-mcp list-project-files-validation-factory.ts path traversal
A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...
CVE-2026-15524
The vulnerability CVE-2026-15524 affects alioshr memory-bank-mcp up to versions 0.2.1/3.1. The issue resides in the file list-project-files-validation-factory.ts where manipulation of the projectName argument enables path traversal. Local access is required to exploit, and public disclosure of th...
GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities
Vulnerabilities for packages: tbot, teleport, zarf-fips, tflint, cloudbeat-fips, image-factory, tkn-fips, neuvector-sigstore-interface, tkn, kubescape-server, crossplane-fips, crossplane, trivy-operator-fips, cloudbeat, aactl, kubescape, tekton-chains, falcoctl-fips, kyverno, trivy-operator,...
CVE-2026-55471
CVE-2026-55471 concerns HAPI FHIR’s XsltUtilities.sax(on)Transform overloads, which historically instantiate a bare net.sf.saxon.TransformerFactoryImpl() without external-access restrictions. This enables XML External Entity (XXE) processing, allowing local file disclosure and blind XXE/SSRF when...
CVE-2026-55471 HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...
CVE-2026-36028
A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...
cxf: org.apache.cxf/cxf-core: Apache CXF: Information disclosure via out-of-band external entity resolution due to missing JAXP hardening
A flaw was found in Apache CXF. The EndpointReferenceUtils and W3CMultiSchemaFactory classes within Apache CXF construct a SAXParserFactory without proper security configurations. This oversight enables out-of-band OOB external entity resolution, a type of XML External Entity XXE vulnerability. A...
PT-2026-56535
Name of the Vulnerable Software and Affected Versions Code 27 Companion Hub affected versions not specified Description A protection mechanism failure allows an attacker with physical access to completely bypass kiosk restrictions by performing a factory reset. Recommendations At the moment, ther...
CVE-2026-36028
A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...
CVE-2026-36028
Technical details are not publicly available in the provided documents. Monitor for updates as no specific affected components, versions, or remediation are disclosed here.
Linux Distros Unpatched Vulnerability : CVE-2026-55153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI...
UBUNTU-CVE-2026-55153
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...
CVE-2026-58453 JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anykaipc HTTP service on port 80...
CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...
CVE-2026-58116
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...
PT-2026-53876
Name of the Vulnerable Software and Affected Versions LLaMA-Factory versions prior to 0.9.6 Description Remote code execution is possible via the WebUI Chat and Training interfaces. The application fails to validate user-supplied model paths before passing them to the AutoTokenizer.from pretraine...
CVE-2026-57473
A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...
CVE-2026-57473
A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...