Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

EUVD-2026-9850

Gogs: Cross-repository LFS object overwrite via missing content hash verification...

GHSA-CJ4V-437J-JQ4C Gogs: Cross-repository LFS object overwrite via missing content hash verification

Summary Overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. Details Gogs store all LFS objects in the same place, no isolation between different repositories. repo id not concatenated to...

CVE-2026-25921 Gogs: Cross-repository LFS object overwrite via missing content hash verification

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...

Windows File Shredder: When deleting a file isn’t enough

Most of us think deleting a file means it’s gone for good. But “delete” on a Windows device often just means “out of sight,” not necessarily “out of reach.” That’s where File Shredder, a new feature within Malwarebytes Tools for Windows, comes in. File Shredder lets you securely delete files from...

GHSA-QFFP-2RHF-9H96 tar has Hardlink Path Traversal via Drive-Relative Linkpath

Summary tar npm can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x extraction. Details The extraction logic in UnpackSTRIPABSOLUTEPATH chec...

VulnCheck KEV: CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

PT-2026-23608

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.10 Description The node-tar package contains a flaw where it can be tricked into creating a hardlink that points outside the extraction directory. This is achieved by using a drive-relative link target, such as...

Gogs（Go Git Service） 数据伪造问题漏洞

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to version 0.14.2 of Gogs Go Git Service, there was a data manipulation...

Important: nodejs22

Issue Overview: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be...

Important: nodejs24

Issue Overview: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to...

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...

PT-2026-23483

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.2 Description Gogs, a self-hosted Git service, has a flaw where Large File Storage LFS objects can be maliciously overwritten across different repositories. This is due to a lack of isolation in how LFS objects are...

GHSA-25G8-2MCF-FCX9 changedetection.io has Zip Slip vulnerability in the backup restore functionality

Summary A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...

changedetection.io has Zip Slip vulnerability in the backup restore functionality

Summary A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...