1200 matches found

CVE
added 2026/04/27 11:0 a.m. | 19 views

CVE-2026-5937

CVE-2026-5937 is associated with Foxit PDF Editor/Reader and is caused by insufficient parameter verification that can lead to format errors in files. This triggers an unhandled std::invalid_argument exception, which results in the application terminating (denial of service). The available docume...

CVSS 5.5 | AI score 5.2 | EPSS 0.00103
Exploits 0 | References 1 | Affected Software 2

NVD
added 2026/04/27 4:16 a.m. | 8 views

CVE-2026-3868

An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buff...

CVSS 8.7 | EPSS 0.00368
Exploits 0 | References 1

CNNVD
added 2026/04/27 12:0 a.m. | 9 views

Foxit PDF Reader and Foxit PDF Editor Security Vulnerability

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation in China. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities stem from insufficient parameter validation, which...

CVSS 5.5 | AI score 5.8 | EPSS 0.00103
Exploits 0 | References 1

Positive Technologies
added 2026/04/24 12:0 a.m. | 7 views

PT-2026-34874

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. An authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

CVSS 2.4 | AI score 5.9 | EPSS 0.0059
Exploits 0 | References 4

CNNVD
added 2026/04/24 12:0 a.m. | 12 views

Linux kernel Security Vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the sev_pin_memory function in KVM SEV, where the int-type pages parameter is not properly...

CVSS 5.5 | AI score 5.8 | EPSS 0.00125
Exploits 0 | References 2

Vulnrichment
added 2026/04/23 11:58 p.m. | 1 views

CVE-2026-40623 SenseLive X3050 Missing Authorization

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchd...

CVSS 8.1 | AI score 5.3 | EPSS 0.00324
Exploits 0 | References 3

RedhatCVE
added 2026/04/20 6:31 a.m. | 4 views

CVE-2026-35512

A flaw was found in xrdp, an open-source Remote Desktop Protocol (RDP) server. This heap-based buffer overflow vulnerability, caused by insufficient validation of client-controlled size parameters, allows an out-of-bounds write via crafted Protocol Data Units (PDUs). A remote attacker can exploit thi...

CVSS 8.8 | AI score 6.2 | EPSS 0.00583
Exploits 0 | References 2

CNVD
added 2026/04/20 12:0 a.m. | 2 views

PraisonAI Operating System Command Injection Vulnerability

PraisonAI is a low-code multi-agent collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or sanitization, which can be exploited by an...

CVSS 9.8 | AI score 5.7 | EPSS 0.00824
Exploits 1

Tenable Nessus
added 2026/04/17 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007318 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters o...

CVSS 5.5 | AI score 6.3 | EPSS 0.00301
Exploits 0 | References 4

OSV
added 2026/04/16 1:2 a.m. | 4 views

GHSA-W59F-67XM-RXX7 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter leads to Remote Code Execution

Summary: The Froxlor API endpoint Customers.update and Admins.update does not validate the def_language parameter against the list of available language files. An authenticated customer can set def_language to a path traversal payload e.g., ../../../../../var/customers/webs/customer1/evil, which is...

CVSS 9.9 | AI score 6.4 | EPSS 0.00524
Exploits 1 | References 5

CNNVD
added 2026/04/15 12:0 a.m. | 8 views

Cisco Unity Connection Security Vulnerability

Cisco Unity Connection (UC) is a voice messaging platform developed by the American company Cisco. This platform allows users to make calls or listen to voice messages using voice commands. There is a security vulnerability in Cisco Unity Connection (UC), which stems from improper validation of HTTP...

CVSS 4.7 | AI score 5.8 | EPSS 0.00202
Exploits 0 | References 1

Zero Day Initiative
added 2026/04/15 12:0 a.m. | 3 views

Adobe ColdFusion fetchCFSettingFile Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the fetchCFSettingFile method. The issue results from the lack of proper...

CVSS 7.5 | AI score 5.9 | EPSS 0.28962
Exploits 0 | References 1

Github Security Blog
added 2026/04/14 11:21 p.m. | 8 views

WWBN AVideo has an incomplete fix for CVE-2026-33293: Path Traversal

Summary: The incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Affected Package: Ecosystem: Other; Package: AVideo; Affected versions: = commit 941decd6d19e. Details: At...

CVSS 8.1 | AI score 5.9 | EPSS 0.00505
Exploits 2 | References 7 | Affected Software 1

GithubExploit
added 2026/04/11 7:14 p.m. | 106 views

Exploit for Path Traversal in Redaxo

CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Lead...

CVSS 8.3 | AI score 5.9 | EPSS 0.00493
Exploits 3

CNNVD
added 2026/04/11 12:0 a.m. | 3 views

OpenClaw Path Traversal Vulnerability

OpenClaw is an artificial intelligence assistant developed under the OpenClaw open source project. OpenClaw has a path traversal vulnerability, which stems from insufficient validation of path parameters, potentially leading to information leakage...

CVSS 6.5 | AI score 6.6 | EPSS 0.00944
Exploits 1 | References 2

CVE
added 2026/04/10 4:3 p.m. | 16 views

CVE-2026-35668

OpenClaw contains a path traversal vulnerability in its sandbox enforcement prior to version 2026.3.24. The flaw allows sandboxed agents to read arbitrary files from other agents’ workspaces through unnormalized mediaUrl and fileUrl parameter keys, due to incomplete parameter validation in normal...

CVSS 7.7 | AI score 5.9 | EPSS 0.00382
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2026/04/10 4:3 p.m. | 4 views

CVE-2026-35668

OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit incomplete parameter validation in...

CVSS 7.7 | AI score 5.9 | EPSS 0.00382
Exploits 1 | References 3

Cvelist
added 2026/04/08 12:0 a.m. | 17 views

CVE-2025-50654

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thdmember.asp endpoint...

EPSS 0.00516
Exploits 0 | References 3

Positive Technologies
added 2026/04/08 12:0 a.m. | 1 views

PT-2026-31372

CVE-2025-50646 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos type asp.asp endpoint. https://t.co/DMT2TO3UP6...

CVSS 7.5 | AI score 6.1 | EPSS 0.00516
Exploits 0 | References 4

Tenable Nessus
added 2026/04/08 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006755 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters o...

CVSS 5.5 | AI score 6.3 | EPSS 0.00301
Exploits 0 | References 4