104165 matches found
CVE-2026-12478
The fix for CVE-2026-0716 commit 6ff7ef0, libsoup 3.6.6 placed the integer overflow guard inside the if masked block, leaving unmasked server-to-client frames unprotected. A malicious WebSocket server can send a crafted unmasked frame with a payload length near UINT64MAX to trigger an OOB read in...
CVE-2025-40945
A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...
CVE-2026-8384
CVE-2026-8384 describes a URI normalization issue in the context of Eclipse Jetty: a crafted HTTP URI like "/public;/../admin/secret.txt" yields an unresolved path "/public/../admin/secret.txt" instead of the expected "/admin/secret.txt". Jetty itself remains unaffected, since it won’t serve secr...
CVE-2026-57898
Eclipse BaSyx Java Server SDK (2.0.0-milestone-05 to 2.0.0-milestone-12) with MongoDB backend is vulnerable to unauthenticated arbitrary file write via the AAS thumbnail API. The upload path accepts a client-controlled fileName, which is used as both a repository key and, during retrieval, as a l...
CVE-2026-12511
CVE-2026-12511 affects the AI Engine WordPress plugin prior to 3.5.5. The flaw occurs when a user-supplied filename used for a downloaded file is not sanitized, enabling authenticated users with editor-level access to perform path traversal and write attacker-controlled bytes to an arbitrary loca...
CVE-2026-11563
The CVE affects the Word Count and Social Shares WordPress plugin (up to version 1.0). The root cause is failure to validate a user-supplied file path before deletion and lack of proper authorization/CSRF checks. This allows any authenticated user (e.g., a Subscriber) to delete arbitrary files on...
EUVD-2026-43626
The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...
CVE-2026-12482
A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the filtersafetarinfos validation in keras/src/utils/fileutils.py. Specifically, symlink entries are not subjected to the same ispathindir validation as regular file entries,...
CVE-2026-15626
CVE-2026-15626 affects nextlevelbuilder GoClaw 3.13.3-beta.3, specifically the ACP ToolBridge Workspace Handler’s writeFile function in internal/providers/acp/tool_bridge.go. The issue enables path traversal, allowing remote exploitation. Public exploit details exist. Affected product/version and...
EUVD-2026-43615
A vulnerability was determined in nextlevelbuilder GoClaw 3.13.3-beta.3. This affects the function writeFile of the file internal/providers/acp/toolbridge.go of the component ACP ToolBridge Workspace Handler. This manipulation causes path traversal. The attack is possible to be carried out...
EUVD-2026-43577
Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...
EUVD-2026-43566
OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...
EUVD-2026-43571
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...
EUVD-2026-43560
PasswordPusher before 2.9.2 contains a brute-force vulnerability in the POST /p/:token/access endpoint that lacks route-specific rate limiting and per-push lockout mechanisms. Attackers who know a push token can systematically guess passphrases at 120 attempts per minute without triggering any...
CVE-2026-15607
TanStack DB up to 0.6.8 contains a vulnerability in the Alias Path Handler’s select function (src/query/compiler/select.ts) that allows improperly controlled modification of object prototype attributes (prototype pollution). Impacted component: TanStack DB; vulnerability arises from the select fu...
CVE-2026-57856
Cockpit CMS exposes a path traversal in the Bucket file storage API (/system/buckets/api). The api() function sanitizes the bucket name with a regex that still allows ".." and "../" sequences, which are then interpolated into uploads://buckets/{bucket} and not blocked by Flysystem’s WhitespacePat...
CVE-2026-48363
CVE-2026-48363 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). The issue...
CVE-2026-48364
CVE-2026-48364 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file); the impact is ...
CVE-2026-61505
Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact...
CVE-2026-61462
mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...