PT-2026-3050

YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 bytes with SEH manipulation to trigger a...

CVE-2022-50916

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

CVE-2026-22871

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVE-2026-22854

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap...

OPENSUSE-SU-2026:20038-1 Security update for wget2

This update for wget2 fixes the following issues: Changes in wget2: - Update to release 2.2.1 Fix file overwrite issue with metalink CVE-2025-69194 bsc1255728 Fix remote buffer overflow in getlocalfilenamereal CVE-2025-69195 bsc1255729 Fix a redirect/mirror regression from 400713ca Use the local...

MiracleLinux 3 : lftp-3.7.11-4.AXS3.3 (AXSA:2010-400:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-400:01 advisory. LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in...

FreeRDP 安全漏洞

FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. A security vulnerability exists in FreeRDP versions prior to 3.20.1, which stems from a drive read where the server-controlled read length is used to read file data into the IRP output stream buffer...

MiracleLinux 3 : cups-1.3.7-18.8.0.1.AXS3 (AXSA:2010-481:05)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-481:05 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001308)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001308 advisory. The ip6appenddata function in net/ipv6/ip6output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur...

MiracleLinux 3 : cups-1.2.4-11.18.2.1AXS3 (AXSA:2008-510:05)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-510:05 advisory. The Common UNIX Printing System CUPS provides a portable printing layer for UNIXR operating systems. This patch fixes the following bugs: CVE-2008-36...

CVE-2023-54330

Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to...

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

CVE-2022-50939

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

CVE-2022-50916

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

CVE-2026-22685

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVE-2022-50939 e107 CMS v3.2.1 - Upload Restriction Bypass with Path Traversal File Override

e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the Media Manager's remote URL upload functionality image.php where the uploadcaption parameter is n...

CVE-2022-50916 e107 CMS v3.2.1 - Upload restriction bypass (Authenticated [Admin])+ Server file override

e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrators to override server files through the Media Manager import functionality. Attackers can exploit the upload mechanism by manipulating the upload URL parameter to overwrite existing files like top.ph...

GHSA-XG9W-VG3G-6M68 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

Summary A path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. CWE: CWE-22 Improper...

Directory Traversal

Overview guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can overwrite arbitrary files and potentially execute code by crafting a malicious archive with path...