27698 matches found
SiYuan <= 3.6.5 - Unauthenticated Path Traversal
SiYuan = 3.6.5 contains a path traversal via double URL-encoding in the /assets/ route publish mode port 6808, allowing unauthenticated attackers to read arbitrary files inside WorkspaceDir including conf/conf.json which exposes the API token and access auth code. id: CVE-2026-54066 info: name:...
Vitest Browser Mode - Local File Read
Vitest is a testing framework powered by Vite. The screenshot-error handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by browser.api.host- true, an attacker can send a request to that handler from remote to get th...
October CMS - Remote Code Execution
October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safemode and cms.enableSafeMode in order to execute arbitrary cod...
kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send()
A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM networking component. A local attacker, by acting as a malicious signaling daemon, could send a specially crafted message containing an unvalidated pointer. This unvalidated pointer would be directly used by the kernel, leading...
F5 BIG-IP Appliance Mode - Command Injection
When running in Appliance mode, an authenticated user assigned the Administrator role may bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. id: CVE-2022-41800 info: name: F5 BIG-IP Appliance Mode - Command Injection author: dwisiswant0 severity: high description...
CVE-2026-10664
The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...
CVE-2026-61428
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...
EUVD-2026-43164
The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
CVE-2026-15146
A flaw was found in Wget. When operating in FTP passive mode, Wget fails to validate the IP address provided in an FTP PASV response. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this vulnerability to redirect Wget's data connection to an arbitrary IP addres...
EUVD-2026-39122
SiYuan: Path Traversal via Double URL Encoding in /assets/path publish mode arbitrary file─read, Incomplete fix of CVE-2026-41894...
CVE-2026-15146
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...
EUVD-2026-42980
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...
CVE-2026-15146 CVE-2026-15146
GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...
CVE-2026-15146
GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...
Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and...
CVE-2026-59857
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...
CVE-2026-59853
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...
CVE-2026-59853
SiYuan prior to 3.7.1 exposes saved search criteria via /api/storage/getCriteria without publish-access filtering, enabling a publish-mode Reader to read private document paths, notebooks, documents, and block IDs, and to search/replace keywords for unpublished documents. This reflects a data-exp...
CVE-2026-59853 SiYuan: Publish-mode Reader can exfiltrate private saved-search Criteria via /api/storage/getCriteria (missing publish-access filter)
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...
CVE-2026-55605 @arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint
DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...