GO-2026-4978 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...
CLSA-2026-1778142227 nginx: Fix of 2 CVEs
CVE-2026-27651: fix null pointer dereference in ngx_mail_auth_http_module when authentication retry is enabled with CRAM-MD5 or APOP; CVE-2026-32647: fix buffer over-read/write in ngx_http_mp4_module when processing crafted mp4 files with empty stco/co64 atoms...
CLSA-2026-1778129870 nginx: Fix of 2 CVEs
CVE-2026-27651: fix null pointer dereference in ngx_mail_auth_http_module when authentication retry is enabled with CRAM-MD5 or APOP; CVE-2026-32647: fix buffer over-read/write in ngx_http_mp4_module when processing crafted mp4 files with empty stco/co64 atoms...
Rancher Extensions have arbitrary file access via path traversal
Impact: A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...
GHSA-5V3H-X4WF-5C35 Rancher Extensions have arbitrary file access via path traversal
Impact: A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: - Overwrite Rancher binaries or configuration to...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the compressedEndpoint field in a UIPlugin deployment. An attacker can overwrite binaries or configuration files, tamper with cluster state, or write to the host node filesystem by exploiting path traversal in th...
Google Go Security Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from the American company Google. Google Go contains a security vulnerability that stems from writing two files with predictable names in the system's temporary directory...
Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override
Summary: Tested on Form 9.0.3, released on April 28th. The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter ($filename = $post['filename'] ?? $upload['file']['name']) that overrides the original uploaded filename. The override passes...
GHSA-W4RC-P66M-X6QQ Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override
Summary: Tested on Form 9.0.3, released on April 28th. The Form plugin's file upload handler at user/plugins/form/classes/Form.php:583 accepts a POST-supplied filename parameter ($filename = $post['filename'] ?? $upload['file']['name']) that overrides the original uploaded filename. The override passes...
CVE-2026-40281
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...
CVE-2026-40281
Gotenberg 8.x (
Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain
Note: the fixed version of the validator client has been deployed for some time. Impact: Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro: A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...
GHSA-6447-269V-G68M Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain
Note: the fixed version of the validator client has been deployed for some time. Impact: Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro: A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...
CVE-2026-41936 Vvveb < 1.0.8.2 XML External Entity Injection via Import
Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...
CVE-2026-41936
Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated siteadmin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to...
GHSA-4PVG-PRR3-9CXR Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore
Product: nginx-ui; Repository: 0xJacky/nginx-ui; branch: dev; Vulnerability Class: Authentication Bypass → Arbitrary File Write → OS Command Injection; Affected Component: POST /api/restore. 1. Vulnerability Summary: nginx-ui exposes a backup restore endpoint POST /api/restore that is completely...
BIT-JAVA-MIN-2024-47606 GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...
WordPress ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor plugin <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite vulnerability
Missing Authorization to Unauthenticated Widget Content Overwrite vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin ElementsKit Elementor addons Lite versions <= 3.8.2...
CLSA-2026-1777996588 dmidecode: Fix of CVE-2023-30630
CVE-2023-30630: do not let --dump-bin overwrite an existing file...
PT-2026-38283
Name of the Vulnerable Software and Affected Versions: Grav form plugin versions prior to 9.1.0. Description: An unauthenticated page-content overwrite exists via file upload. The file upload handler in user/plugins/form/classes/Form.php uses a filename parameter that can be controlled via POST...