
5010 matches found

EUVD
added 2026/02/06 8:10 p.m. | 3 views

EUVD-2026-5596

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup...

8.6 CVSS | 5.6 AI score | 0.00176 EPSS
Exploits: 1 | References: 2
CVE
added 2026/02/06 8:10 p.m. | 24 views

CVE-2026-25635

Calibre CHM reader prior to version 9.2.0 contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permission. On Windows (unverified on other OSes), this can enable Remote Code Execution by writing a payload to the Startup folder for execution at the ...

8.6 CVSS | 5.7 AI score | 0.00176 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Github Security Blog
added 2026/02/06 7:04 p.m. | 9 views

Claude Code Vulnerable to Command Injection via Piped sed Command Bypasses File Write Restrictions

Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this require...

7.7 CVSS | 5.6 AI score | 0.00123 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/02/06 6:56 p.m. | 3 views

GHSA-8V2V-WJWG-VX6R actix-files has a possible exposure of information vulnerability

Summary: Passing a non-existing folder to the actix_files::Files::new method causes the actix server to expose unexpected files. Details: The actix-files library exposes a Files struct that configures an actix service to serve the files in a folder as static assets. Below you can find the...

6.3 CVSS | 5.5 AI score
Exploits: 0 | References: 6
Github Security Blog
added 2026/02/06 6:56 p.m. | 6 views

actix-files has a possible exposure of information vulnerability

Summary: Passing a non-existing folder to the actix_files::Files::new method causes the actix server to expose unexpected files. Details: The actix-files library exposes a Files struct that configures an actix service to serve the files in a folder as static assets. Below you can find the...

5.5 AI score
Exploits: 0 | References: 6 | Affected Software: 1
RedhatCVE
added 2026/02/06 1:25 a.m. | 6 views

CVE-2026-25499

Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been...

8.7 CVSS | 5.3 AI score | 0.00033 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/02/06 12:00 a.m. | 3 views

PT-2026-6787

Name of the Vulnerable Software and Affected Versions: calibre versions prior to 9.2.0. Description: calibre is an e-book manager. The CHM reader contains a path traversal flaw that permits arbitrary file writes in locations where the user possesses write access. On Windows operating systems, this c...

9.3 CVSS | 5.8 AI score | 0.00176 EPSS
Exploits: 9 | References: 27
Positive Technologies
added 2026/02/06 12:00 a.m. | 4 views

PT-2026-6764

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.0.55. Description: Claude Code, an agentic coding tool, exhibited a flaw in command validation. Specifically, the software did not adequately validate commands utilizing piped sed operations with the echo command...

7.7 CVSS | 5.7 AI score | 0.00123 EPSS
Exploits: 0 | References: 10
GitLab Advisory Database
added 2026/02/06 12:00 a.m. | 5 views

actix-files has a possible exposure of information vulnerability

Passing a non-existing folder to the actix_files::Files::new method causes the actix server to expose unexpected files...

5.9 AI score
Exploits: 0 | References: 7 | Affected Software: 1
RedhatCVE
added 2026/02/05 7:24 p.m. | 4 views

CVE-2025-14740

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...

6.7 CVSS | 6.4 AI score | 0.0001 EPSS
Exploits: 0 | References: 1
NVD
added 2026/02/05 5:16 p.m. | 5 views

CVE-2020-37129

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8 CVSS | 0.00018 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/02/05 4:13 p.m. | 25 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8 CVSS | 0.00018 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/02/05 4:13 p.m. | 2 views

EUVD-2020-31025

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8 CVSS | 5.4 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
CVE
added 2026/02/05 4:13 p.m. | 8 views

CVE-2020-37129

CVE-2020-37129 affects Memu Play 7.1.3. The vulnerability is due to insecure folder permissions that let a low-privileged user modify MemuService.exe, enabling replacement with a malicious file at system restart to gain SYSTEM-level privileges. Connected sources corroborate the issue and describe...

9.8 CVSS | 5.4 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/05 4:13 p.m. | 4 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8 CVSS | 5.4 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/05 12:00 a.m. | 3 views

PT-2026-6573

Name of the Vulnerable Software and Affected Versions: Memu Play version 7.1.3. Description: The software contains an insecure folder permissions issue. Low-privileged users can modify the MemuService.exe executable. An attacker can replace the service executable with a malicious file during system...

9.8 CVSS | 5.5 AI score | 0.00018 EPSS
Exploits: 0 | References: 5
CNNVD
added 2026/02/05 12:00 a.m. | 4 views

Microvirt Memu Play security vulnerability

Microvirt Memu Play is an Android emulator developed by Microvirt Corporation. The version 7.1.3 of Microvirt Memu Play contains a security vulnerability. This vulnerability stems from insecure folder permissions, which may lead to permission escalation...

9.8 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
NVD
added 2026/02/03 11:16 p.m. | 6 views

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

5.1 CVSS | 0.00293 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/03 10:09 p.m. | 3 views

CVE-2020-37087 Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

5.1 CVSS | 5.5 AI score | 0.00293 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/03 10:09 p.m. | 2 views

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

5.1 CVSS | 5.5 AI score | 0.00293 EPSS
Exploits: 0 | References: 4 | Affected Software: 1