GHSA-RR73-568V-28F8 Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Summary A business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account'...

External Control of File Name or Path

Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to External Control of File Name or Path via the fetch...

CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

GHSA-JW8G-5J46-44RP AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile Photos with Arbitrary Content

Summary objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not end in .json.php, so it is excluded from the project's global autoCSRFGuard...

PPTAgent: Arbitrary File Write via `save_generated_slides`

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...

Race Condition

Overview langchain-chatchat is a Langchain-Chatchat formerly langchain-ChatGLM, local knowledge based LLM like ChatGLM, Qwen and Llama RAG and Agent app with langchain Affected versions of this package are vulnerable to Race Condition through a race condition in the files function of the...

CLSA-2026-1777996005 dmidecode: Fix of CVE-2023-30630

CVE-2023-30630: do not let --dump-bin overwrite an existing file...

EUVD-2026-27213

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

CVE-2026-4362

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

CVE-2026-4362 ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

CVE-2026-4362 ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

PT-2026-37275

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A business logic issue in the Grav Admin Panel allows a low-privileged user with user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new...

CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

CVE-2026-41326

A flaw was found in Kata Containers. An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those...

CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

CVE-2026-42238

Nginx UI (nginx-ui) prior to version 2.3.8 exposes an unauthenticated backup restore endpoint (POST /api/restore) during the first 10 minutes after startup. An unauthenticated remote attacker can upload a crafted backup archive that overwrites app.ini and the SQLite database, allowing injection o...

CVE-2026-43616

Detect-It-Easy (pre-3.21) contains a path traversal vulnerability that allows writing arbitrary files via crafted archive entries (relative traversals or absolute paths). Insufficient path normalization during archive extraction can write outside the target directory and may enable persistent cod...

rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface CLI inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...