CVE-2026-0963

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

CVE-2026-0963

The CVE-2026-0963 entry concerns Crafty Controller's File Operations API Endpoint, where an input neutralization flaw allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. The vulnerability affects the File Operations API Endpoint componen...

CVE-2026-0963 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal...

PT-2026-5381

Name of the Vulnerable Software and Affected Versions Crafty Controller affected versions not specified Description An input neutralization issue exists in the File Operations API Endpoint component of Crafty Controller. A remote, authenticated attacker can exploit this to perform file tampering...

PT-2025-48411

A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...

GO-2025-3999 Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd

Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd...

EUVD-2025-32096

Malicious code in bioql PyPI...

SUSE CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API

Impact LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...

CVE-2025-54289 Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

CVE-2025-54289

Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format...

PT-2025-40332

Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD version 5.21 through 5.21.4 Description A privilege escalation issue exists in the operations API of Canonical LXD. An attacker with read permissions can hijack terminal or console sessions and...

CVE-2021-26069

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/id/ActionsAndOperations API endpoint. The affected versions are before...

Apache Traffic Control Authentication Vulnerability

Apache Traffic Control is the United States Apache Apache Software Foundation of a distributed , scalable content delivery solutions. The product is mainly used to build large-scale content delivery network. An authentication vulnerability exists in Apache Traffic Control, which stems from...