Lucene search
+L

5 matches found

Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-8920

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...

8.5CVSS0.0009EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-8920

The vulnerability CVE-2026-8920 concerns ASUS Aura Wallpaper Service. It describes Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path, enabling a local user to perform file operations by sending crafted commands that contain an arbitrary ...

8.5CVSS6.2AI score0.0009EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 6:40 p.m.21 views

CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

6.5CVSS0.00331EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2025/03/05 12:0 a.m.7 views

The vulnerability of the add_dir() function in the nas.cgi script of the Wavlink AC3000 router’s microprogramming system allows a hacker to circumvent existing security restrictions.

The vulnerability of the adddir function in the nas.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to bypass existing security...

9.1CVSS7.7AI score0.02472EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/04 12:0 a.m.7 views

The vulnerability of the ZipUtils class in the ProSafe Network Management System, which includes tools for network device management, diagnosis, and optimization, allows a hacker to bypass security restrictions and execute arbitrary code.

The vulnerability of the ZipUtils class in the ProSafe Network Management NMS300 system, which is used for managing, diagnosing, and optimizing the operation of network devices, is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows...

9CVSS7.4AI score0.58622EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder