357 matches found
CVE-2026-53781
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...
CVE-2026-53781
The CVE affects the Summarize utility prior to version 0.17.0. Vulnerable path is the temp-file-based media download, where an unbounded response can be streamed via the download/response path, causing disk and resource exhaustion. Root cause: responses bypass the enforced size limit due to missi...
CVE-2026-49740 TYPO3 CMS - Insecure Deserialization in Core API
TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...
Windows Notepad Markdown Link Exposure Test
This Metasploit auxiliary module is a non-exploit, safety-focused research tool designed to generate a Markdown file for analyzing how Windows Notepad handles external links. It creates a controlled test document containing a user-defined URL and stores it locally for inspection...
CVE-2026-49128
Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
NocoDB: Stored Cross-Site Scripting via Form View Redirect URL
Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...
CVE-2026-49128
Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling
Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
CVE-2026-49128
Music Player Daemon (MPD) up to version 0.24.11 contains a path traversal vulnerability in the local storage plugin, specifically LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8, where on-disk paths are constructed by simple string joins of the storage root and a user-supplied URI without ca...
CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling
Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
EUVD-2026-33001
Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
PT-2026-44495
Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
Security Bulletin: Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)
Summary IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration CP4I 1.5.20 has addressed an authentication vulnerability that may allow access to files in the local server storage. Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server for CP4i i...
Database-Exploitation-Manual
🛡️ SecDB Auditor - Database Security Compiling Suite & Manual...
Security, Privacy, and Ethical Risks in OpenClaw
This paper systematically investigates the security, privacy, and ethical risks, as well as the traceability challenges of OpenClaw, a locally executable AI agent system for natural language interaction and real-world task completion. While OpenClaw shows strong potential for personal assistance,...
Astra Linux - уязвимость в ceph
A flaw was discovered in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage, which is potentially vulnerable to attacks via XSS attacks. The most significant threat of this vulnerability is related to data...
ANTI-FLUFF
PENTESTINGMETHS Main view example: Web Application As...
CVE-2026-42605 AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem...
[SECURITY] Fedora 44 Update: rust-sccache-0.14.0-2.fc44
Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...
OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender
Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...