15855 matches found
CVE-2026-32775
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed-in buffer would be overwritten due to an integer underflow...
CVE-2026-32775
CVE-2026-32775 affects libexif up to 0.6.25, in the MakerNotes decoding path. The flaw occurs in the function exif_mnote_data_get_value when a 0-sized input is passed, causing an integer underflow that overwrites the provided buffer. The CVSS 3.1 vector assigns a base score of 7.4 (HIGH) with LOC...
CVE-2026-32775
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed-in buffer would be overwritten due to an integer underflow...
Exploit for Path Traversal in Apple Safari
CVE-2026-20660 PoC Bundle This folder packages a standalone p...
CVE-2026-21005
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege...
CVE-2026-21005
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege...
CVE-2026-21005
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege...
CVE-2026-21005
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. Affected product: Smart Switch (pre-3.7.69.15). Impact: potential unauthorized file overwrite; confidentiality unchanged, integrity/availability considerat...
PT-2026-25609
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege...
SAMSUNG Smart Switch Security Vulnerability
Samsung Smart Switch is a data migration tool developed by South Korea’s Samsung Corporation. Versions of Samsung Smart Switch prior to 3.7.69.15 contained a security vulnerability caused by a path traversal issue, which could allow adjacent attackers to overwrite any file with Smart Switch...
Libexif Numeric Error Vulnerability
Libexif is a function library written in C language by the Libexif organization. This product is primarily used for reading and writing EXIF meta-data from graphic files. Versions of libexif prior to 0.6.25 contained a numerical error vulnerability. This vulnerability stemmed from a flaw in...
PX4-Autopilot Security Vulnerability
PX4-Autopilot is an open-source drone autopilot system developed by PX4. Versions of PX4-Autopilot prior to 1.17.0-rc2 contained security vulnerabilities. These vulnerabilities stemmed from tattucan’s use of unbounded memory copying during its multi-frame assembly cycle, which could lead to stack...
EulerOS 2.0 SP10 : cups (EulerOS-SA-2026-1330)
According to the versions of the cups package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin...
OESA-2026-1544 busybox security update
The Swiss Army Knife of Embedded Linux. Security Fixes: A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that, when extracted and under specific conditions, may write to files outside the intended directory...
CVE-2026-1947
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...
PT-2026-25529
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit nex form function due to missing validation on a user controlled key. This makes it possible for unauthenticated...
Exploit for CVE-2026-31802
CVE-2026-31802: tar Symlink Path Traversal / Arbitrary File Ov...
SUSE SLES12 Security Update : busybox (SUSE-SU-2026:0892-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0892-1 advisory. - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580). - CVE-2023-42364: use-after-free in the awk....
CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...