1659 matches found
SUSE CVE-2025-3879
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
CVE-2026-15409
A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...
CVE-2026-15392
DBD::File for Perl is affected in versions before 1.651. The issue arises because complete_table_name builds an absolute path to the table file without verifying symbolic links, enabling a symlink inside the data directory to point to a table file anywhere outside configured f_dir/f_dir_search di...
CVE-2026-0487 DLL Hijacking vulnerability in SAProuter on Microsoft Windows
SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...
SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
SonicWall SMA1000 Appliances contain a server-side request forgery vulnerability that could allow a remote unauthenticated attacker to potentially cause the appliance to make requests to unintended location...
CVE-2026-49970
Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath function that allows attackers to write uploaded files to arbitrary locations by controlling the directory argument passed to MediaUploader::toDestination. Attackers can exploit the permissive...
CVE-2026-57419
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through = 3.1.8...
CVE-2026-57419
CVE-2026-57419 concerns the WordPress plugin Stock Locations for WooCommerce (versions up to and including 3.1.8). The vulnerability is described as a Missing Authorization / Broken Access Control issue, arising from incorrectly configured access control security levels. The CVE notes that this a...
CVE-2026-57419 WordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Locations for WooCommerce: from n/a through = 3.1.8...
CVE-2026-55472
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...
CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...
CVE-2026-55878
Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...
WordPress Stock Locations for WooCommerce plugin <= 3.1.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mitchell in WordPress Plugin Stock Locations for WooCommerce versions = 3.1.8...
EUVD-2026-42019
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...
CVE-2026-8377 Improper Authorization in Armiya Technologies' Access Control System
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...
GHSA-V8CX-933X-R976 OpenClaw: Fake package roots could influence memory-core artifact loading
Summary Fake package roots could influence memory-core artifact loading. In affected versions, a local package root resolution path influenced by workspace state could select a package root that was not the intended bundled artifact root. This advisory is scoped to the named feature and...
PYSEC-2026-292 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Summary Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution RCE. Impact A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...
EUVD-2026-39927
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...
CVE-2026-56414
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...
CVE-2026-56414
The CVE-2026-56414 entry concerns H.View IP cameras (HV-500S6) with certificate-related upload interfaces. Authenticated users can store arbitrary file content to fixed, persistent filesystem locations without validation of file type, structure, or size. The described design omission enables plac...