5009 matches found
PT-2026-34644
EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...
CVE-2026-41183
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-41183 FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-41183 FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-41183
FreeScout core issue: prior to v1.8.215, the assigned‑only restriction was enforced for direct conversation view and folder queries but not for non‑folder query builders. As a result, global search and the AJAX filter path could disclose conversations that should have been hidden. Impact involves...
CVE-2026-41183
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
Directory Traversal
Overview com.github.junrar:junrar is a rar decompression library in plain java. Affected versions of this package are vulnerable to Directory Traversal via the LocalFolderExtractor component. An attacker can overwrite files in sibling directories by tricking a user into extracting a specially...
CVE-2026-41245 Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix
Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes th...
EUVD-2026-23793
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
SKYSEA Client View and SKYMEC IT Manager improper file access permission settings
Overview SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability. Incorrect default permissions in the installation folder CWE-276 - CVE-2026-39454 Takashi Matsumoto of...
CVE-2026-6591 ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-6591
ComfyUI up to 0.13.0 is affected by a path traversal in the LoadImage Node’s folder_paths.get_annotated_filepath (folder_paths.py). The vulnerability arises from manipulating the Name argument, enabling remote exploitation. An exploit has been published; vendor was contacted but did not respond. ...
EUVD-2026-23735
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folderpaths.getannotatedfilepath of the file folderpaths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
ComfyUI 安全漏洞
ComfyUI is the most powerful and modular diffusion model GUI and backend developed by comfyanonymous individuals. Versions of ComfyUI prior to 0.13.0 contain security vulnerabilities, which stem from improper handling of parameter names in the folderpaths.getannotatedfilepath function within fold...
PT-2026-33660
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder paths.get annotated filepath of the file folder paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has bee...
PT-2026-33731
Name of the Vulnerable Software and Affected Versions SKYSEA Client View affected versions not specified SKYMEC IT Manager affected versions not specified Description Improper file access permission settings in the installation folder allow a non-administrative user to manipulate or place arbitra...