
255 matches found

Github Security Blog
added 2026/06/10 8:33 p.m. | 9 views

PDM wheel installation leads to Path Traversal via overridden write_to_fs

InstallDestination.write_to_fs in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe _path_with_destdir, which validates via Path.resolve + is_relative_to, with a bare os.path.join that performs no path validation. A malicious wheel with travers...

7.1 CVSS | 5.6 AI score | 0.00456 EPSS
Exploits 1 | References 4 | Affected Software 1
Packet Storm News
added 2026/06/08 12:0 a.m. | 6 views

Windows Notepad Markdown Link Exposure Test

This Metasploit auxiliary module is a non-exploit, safety-focused research tool designed to generate a Markdown file for analyzing how Windows Notepad handles external links. It creates a controlled test document containing a user-defined URL and stores it locally for inspection...

5.5 AI score
Exploits 0
Vulnrichment
added 2026/05/28 8:32 p.m. | 8 views

CVE-2026-9646 ScadaBR Unauthenticated Reflected Cross-Site Scripting

A reflected cross-site scripting issue exists in URL handling...

6.1 CVSS | 5.6 AI score | 0.00158 EPSS
Exploits 0 | References 1
CVE
added 2026/05/28 8:32 p.m. | 24 views

CVE-2026-9646

CVE-2026-9646 describes a reflected cross-site scripting issue in URL handling affecting ScadaBR (Unauthenticated). Root cause: insufficient sanitization/validation of URL input leading to reflected script execution. Impact: low confidentiality and integrity impact; no availability impact reporte...

6.1 CVSS | 5.6 AI score | 0.00158 EPSS
Exploits 0 | References 1
CNNVD
added 2026/03/25 12:0 a.m. | 4 views

Apple Multiple Products Security Vulnerability

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

5.5 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits 0 | References 7
CNNVD
added 2026/03/25 12:0 a.m. | 6 views

Apple macOS Security Vulnerability

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Vulnerabilities exist in versions of Apple macOS such as Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4. These vulnerabilities stem from improper handling of symbolic links, which may allow...

5.5 CVSS | 5.8 AI score | 0.0021 EPSS
Exploits 0 | References 3
OSV
added 2026/03/14 8:49 a.m. | 2 views

BIT-PYTHON-MIN-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

3.3 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits 0 | References 7
NVD
added 2026/03/11 10:16 p.m. | 4 views

CVE-2026-32117

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6 CVSS | 0.00265 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/03/07 1:44 a.m. | 5 views

CVE-2026-28721

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 7.1 AI score | 0.00155 EPSS
Exploits 0 | References 1
EUVD
added 2026/03/06 12:31 a.m. | 5 views

EUVD-2026-9957

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 5.9 AI score | 0.00155 EPSS
Exploits 0 | References 2
EUVD
added 2026/03/06 12:31 a.m. | 5 views

EUVD-2026-9956

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 5.9 AI score | 0.00155 EPSS
Exploits 0 | References 2
OSV
added 2026/03/06 12:16 a.m. | 5 views

CVE-2026-28721

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 5.8 AI score | 0.00155 EPSS
Exploits 0 | References 1
NVD
added 2026/03/06 12:16 a.m. | 4 views

CVE-2026-28721

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 0.00155 EPSS
Exploits 0 | References 1
NVD
added 2026/03/06 12:16 a.m. | 6 views

CVE-2026-28722

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 0.00155 EPSS
Exploits 0 | References 1
OSV
added 2026/03/06 12:16 a.m. | 6 views

CVE-2026-28722

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 5.8 AI score | 0.00155 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/03/05 11:55 p.m. | 3 views

CVE-2026-28722

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 5.9 AI score | 0.00155 EPSS
Exploits 0 | References 2
Cvelist
added 2026/03/05 11:55 p.m. | 27 views

CVE-2026-28722

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 0.00155 EPSS
Exploits 0 | References 1
CVE
added 2026/03/05 11:55 p.m. | 17 views

CVE-2026-28722

CVE-2026-28722: Local privilege escalation in Acronis Cyber Protect 17 (Windows) prior to build 41186 due to improper soft link handling. Affected component/condition: local context with low privileges required and user interaction. CVSSv3.0 metrics indicate a high impact (C/H, I/H, A/H) with L...

7.3 CVSS | 5.9 AI score | 0.00155 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/03/05 11:55 p.m. | 33 views

CVE-2026-28721

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 0.00155 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/03/05 11:55 p.m. | 2 views

CVE-2026-28721

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 Windows before build 41186...

7.3 CVSS | 5.8 AI score | 0.00155 EPSS
Exploits 0 | References 1