9773 matches found
CVE-2026-2272
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the icoreadinfo and icoreadicon functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized imag...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the importConfig process. An attacker can execute arbitrary code on the server by importing a crafted configuration file containing malicious paths. Details A Directory Traversal attack also known as path travers...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the importConfig process. An attacker can execute arbitrary code on the server by importing a crafted configuration file containing malicious paths. Details A Directory Traversal attack also known as path travers...
GO-2026-4844 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE in github.com/tobychui/zoraxy
Zoraxy: Authenticated Path Traversal in Config Import leads to RCE in github.com/tobychui/zoraxy...
GO-2026-4707 SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write in github.com/siyuan-note/siyuan/kernel
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write in github.com/siyuan-note/siyuan/kernel...
CVE-2026-33529
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...
CVE-2026-2272
A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the icoreadinfo and icoreadicon functions. This issue arises because a size calculation for image buffers can wrap around due to a 32-bit integer evaluation, allowing oversized imag...
CVE-2026-33529
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...
CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...
CVE-2026-33529
Zoraxy (github.com/tobychui/zoraxy) exposes an authenticated path traversal in the configuration import endpoint prior to version 3.3.2. The flaw allows writing arbitrary files outside the config directory, enabling potential remote code execution by creating a plugin. The issue is mitigated in v...
CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...
CVE-2026-33529 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a...
CVE-2026-32441
Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...
CVE-2025-67112
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...
CVE-2025-55040
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...
CVE-2026-30345
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...
CVE-2026-4044
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files results in path traversal. Remote exploitation of the attack is possible. The exploit is now...
CVE-2025-69239
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6...
CVE-2026-3550
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpressimport, rockpressimportstatus, rockpresslastimport, rockpressresetimport, and rockpresscheckservices...
CVE-2026-3848
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input...