6285 matches found

OSV
added 2026/01/27 12:43 a.m. | 4 views

CVE-2026-24479 HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file...

CVSS 9.3 | AI score 6 | EPSS 0.58917
Exploits: 4 | References: 4

CNNVD
added 2026/01/27 12:0 a.m. | 2 views

HUSTOJ Path Traversal Vulnerability

HUSTOJ is a popular OJ system developed by Zhang Haobin zhblue from China. Versions of HUSTOJ before 26.01.24 contained a path traversal vulnerability. This vulnerability stemmed from the improper cleaning of file names in uploaded ZIP archives by the problem_import_qduoj.php and problem_import_hoj.p...

CVSS 9.8 | AI score 6.1 | EPSS 0.58917
Exploits: 4 | References: 3

Positive Technologies
added 2026/01/27 12:0 a.m. | 5 views

PT-2026-4874

NULL Pointer Dereference vulnerability in visualfc liteide liteidex/src/3rdparty/libvterm/src modules. This vulnerability is associated with program files screen.C, state.C, vterm.C. This issue affects liteide: before x38.4...

CVSS 6.7 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/27 12:0 a.m. | 4 views

PT-2026-4892

Out-of-bounds Write vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects UEVR: before 1.05...

CVSS 8.7 | AI score 5.9 | EPSS 0.00082
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/27 12:0 a.m. | 3 views

PT-2026-4865

Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules. This vulnerability is associated with program files regparse.C. This issue affects CloverBootloader: before 5162...

CVSS 6.9 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-24808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer Overflow or Wraparound vulnerability in RawTherapee rtengine modules. This vulnerability is associated with program files dcraw.Cc. This issue affects...

CVSS 8.3 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/27 12:0 a.m. | 2 views

PT-2026-5001

Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to execute code when administrators view customer traffic modules...

CVSS 6.4 | AI score 6 | EPSS 0.00019
Exploits: 0 | References: 8

Positive Technologies
added 2026/01/27 12:0 a.m. | 3 views

PT-2026-4896

Name of the Vulnerable Software and Affected Versions: turanszkij WickedEngine versions through 0.71.727. Description: An out-of-bounds read issue exists in turanszkij WickedEngine, specifically within the LUA modules and associated file lparser.C. The issue is a heap-based buffer over-read that can...

CVSS 9.3 | AI score 6 | EPSS 0.00082
Exploits: 0 | References: 7

Positive Technologies
added 2026/01/27 12:0 a.m. | 3 views

PT-2026-4895

Out-of-bounds Read vulnerability in turanszkij WickedEngine WickedEngine/LUA modules. This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705...

CVSS 5.1 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/27 12:0 a.m. | 2 views

PT-2026-4883

Integer Overflow or Wraparound vulnerability in RawTherapee rtengine modules. This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11...

CVSS 8.3 | AI score 5.9 | EPSS 0.00027
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/27 12:0 a.m. | 3 views

PT-2026-4893

Out-of-bounds Read vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05...

CVSS 6.9 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 2

Cvelist
added 2026/01/26 9:59 p.m. | 19 views

CVE-2026-24056 pnpm has symlink traversal in file:/git dependencies

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVSS 6.7 | EPSS 0.00014
Exploits: 1 | References: 3

AlpineLinux
added 2026/01/26 9:59 p.m. | 4 views

CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVSS 6.7 | AI score 5.9 | EPSS 0.00014
Exploits: 1

Vulnrichment
added 2026/01/26 9:59 p.m. | 3 views

CVE-2026-24056 pnpm has symlink traversal in file:/git dependencies

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVSS 6.7 | AI score 5.9 | EPSS 0.00014
Exploits: 1 | References: 3

Cvelist
added 2026/01/26 9:53 p.m. | 17 views

CVE-2026-23890 pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of node_modules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

CVSS 6.5 | EPSS 0.0002
Exploits: 1 | References: 3

CNNVD
added 2026/01/26 12:0 a.m. | 4 views

pnpm security vulnerabilities

PNPM is a package manager developed by the open-source project Pnpm. Versions of Pnpm prior to 10.28.1 contained security vulnerabilities. These vulnerabilities were caused by path traversal in binary links, which could allow malicious npm packages to create executable files or symbolic links...

CVSS 6.5 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/26 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004951 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event. When a module is loaded, it adds trac...

CVSS 5.5 | AI score 6.8 | EPSS 0.00025
Exploits: 0 | References: 4

CVE
added 2026/01/26 12:0 a.m. | 12 views

CVE-2025-67274

CVE-2025-67274 affects continuous.software aangine v.2025.2. An issue in the excel-integration-service template download module, the integration-persistence-service job listing module, and the portfolio-item-service data retrieval module endpoints allows a remote attacker to obtain sensitive info...

CVSS 7.5 | AI score 5.9 | EPSS 0.00075
Exploits: 0 | References: 3 | Affected Software: 1

GithubExploit
added 2026/01/24 6:22 a.m. | 150 views

Exploit for CVE-2023-12345

Shadow-Scan - Advanced Security Audit Framework 🔥 Overview...

AI score 5.8
Exploits: 3

Vulnrichment
added 2026/01/24 12:15 a.m. | 3 views

CVE-2026-22585

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud...

AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 1