141 matches found
CVE-2026-59875
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...
CVE-2026-52756 Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...
CVE-2026-31996
OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...
CVE-2026-28442
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...
CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...
CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution
A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution
A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...
CVE-2025-37146
The CVE-2025-37146 entry describes a vulnerability in the web-based management interface of network access point configuration services (e.g., HPE ArubaOS) that can allow an authenticated remote attacker to perform remote command execution on the underlying OS. The public sources indicate exploit...
EUVD-2013-3937
Malware in sbrugna...
EUVD-2012-6001
Malware in sbrugna...
EUVD-2019-9972
Malware in sbrugna...
EUVD-2020-12074
Malware in sbrugna...
EUVD-2010-2042
Malware in sbrugna...
EUVD-2020-2314
Malware in sbrugna...
EUVD-2008-7229
Malware in sbrugna...
EUVD-2020-2315
Malware in sbrugna...
EUVD-2020-12180
Malware in sbrugna...
EUVD-2020-2298
Malware in sbrugna...
EUVD-2020-11968
Malware in sbrugna...
EUVD-2020-6219
Malware in sbrugna...