5009 matches found
CVE-2026-32920
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run...
CMS Made Simple(CMSMS) 路径遍历漏洞
CMS Made Simple CMSMS is an open-source content management system developed by the Cmsms team. This system supports role-based permission management, wizard-based installation and update mechanisms, and intelligent caching features. Version 2.2.22 and earlier of CMS Made Simple contained a path...
EUVD-2026-17089
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...
CVE-2026-28528
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...
CVE-2026-28528
BlueKitchen BTstack
CVE-2026-28528 BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GETFOLDERITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...
PT-2026-29027
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET FOLDER ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit insufficient bounds...
CVE-2026-28503 Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.querysyncedfolder action in cookbook/views/api.py line 903 fetches a Sync object using getobjector404Sync, pk=pk without including space=request.space i...
CVE-2026-33477
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint /api/file/snippet.php allows an authenticated user with only readown access to a folder to retrieve snippet content from files upload...
CVE-2025-68623
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...
CVE-2026-33369
Zimbra Collaboration ZCS 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit thi...
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2019-25469
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field ...
CVE-2026-32817
Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the documents and files module does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIE...
CVE-2026-20990
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege...
EUVD-2026-16126
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...
CVE-2026-32680
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...
CVE-2026-32680
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...
CVE-2026-32680
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...
CVE-2026-32680
The issue concerns RATOC RAID Monitoring Manager for Windows. If users customize the installer’s target folder, that folder may retain insecure ACLs, allowing non-administrative users to alter its contents. This can enable a non-administrative user to execute arbitrary code with SYSTEM privileges...