CVE-2026-46121

A flaw was found in the Linux kernel's DAMON Data Access MONitor sysfs interface. A race condition exists between read and write operations on the memcgpath and path files. This allows a local attacker, by performing concurrent reads and writes with separate file handles, to trigger a...

Malicious code in gt-tester-exp-profiler-exp-00000015 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55fc219f03cbaeeedb660ad423cc7af08ff1d29154c8b8989b7b0c5d7d5c3d75 setup.py installs a.pth file containing import gttesterexpprofilerexp00000015.probe; probe.runprobe, causing every Python interpreter start on the...

CVE-2026-40191 ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...

MAL-2026-2122 Malicious code in rowrapee (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 398cfbdac2d3602a5c9836408942993c3f2bbcda911184825f01cf9937fb035e The package hides code to download and start malicious script containing malware, identified as adware. The triggering method seems to be PTH file, although it...

MAL-2026-1496 Malicious code in robloxapi-testy (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f0221b6839d8882a9275e177ae71c7bed9cc15a96800e4cead5766c67f0dd042 Installation embeds a malicious PTH file that then during import downloads and executes remote code. During analysis, the remote code was a test starting...

CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVE-2026-26975

Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the OGSKEYLEN parameter in the function...

PT-2025-38381

Name of the Vulnerable Software and Affected Versions itsourcecode Online Discussion Forum version 1.0 Description A security issue exists in itsourcecode Online Discussion Forum. Manipulation of the ID argument in the /members/compose msg admin.php file can lead to SQL injection. The attack can ...

BIT-LIBPYTHON-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected...

CVE-2015-10142

CVE-2015-10142 affects Sitecore Experience Platform (XP) prior to 8.0 Initial Release and Sitecore CMS prior to 7.2 Update-3 and prior to 7.5 Update-1. The flaw allows an attacker to download files under the web root when the file name is known via a specially crafted URL; allowed file types excl...

CVE-2025-6209 Arbitrary File Read through Path Traversal in run-llama/llama_index

A path traversal vulnerability exists in run-llama/llamaindex versions 0.12.27 through 0.12.40, specifically within the encodeimage function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

itsourcecode Restaurant Management System 注入漏洞

itsourcecode Restaurant Management System is itsourcecode open source a restaurant management system . An injection vulnerability exists in version 1.0 of itsourcecode Restaurant Management System, which results from SQL injection due to incorrect manipulation of the parameter last in the file...

CVE-2022-1884 Remote Command Execution in gogs/gogs

A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...

Mattermost Server 9.5.x < 9.5.8 / 9.10.x < 9.10.1 (MMSA-2024-00359)

The version of Mattermost Server installed on the remote host is prior to 9.5.8 or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00359 advisory. - Mattermost versions 9.5.x = 9.5.7 and 9.10.x = 9.10.0 fail to time limit and size limit the CA path file in the...

CVE-2024-39810 Server crash via Elasticsearch certificate file

Mattermost versions 9.5.x = 9.5.7 and 9.10.x = 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

PT-2024-28680 · Unknown · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.10.x through 9.10.0 Description: The issue arises from the failure to time limit and size limit the CA path file in the ElasticSearch configuration. This allows a System Role with...

PT-2023-32791 · Kalcaddle · Kodexplorer

Name of the Vulnerable Software and Affected Versions: kalcaddle KodExplorer versions up to 4.51.03 Description: A critical issue affects the API Endpoint Handler component, specifically the /index.php?pluginApp/to/yzOffice/getFile file. The manipulation of the path/file argument leads to...

CVE-2022-48226

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation...

SUSE CVE-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected...