18 matches found
CVE-2025-52608 HCL iControl was affected by Missing Cookie Attributes vulnerability.
HCL iControl was affected by Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite. And also path is set to root...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper state checking in the rxrpc service challenge phase. This vulnerability may lead to...
CVE-2026-4214
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
PT-2026-27251
Note: If server-side LaTeX rendering is not in use (i.e. XELATEX_PATH was not set in indico.conf), this vulnerability does not apply. Impact: Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...
PT-2026-26953
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer o...
CVE-2026-4214 D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
CVE-2026-4214
CVE-2026-4214 affects a range of D-Link NAS/Network devices (DNS-120 and many DNS/DNR models) with a flaw in UPnP_AV_Server_Path_Setting (/cgi-bin/app_mgr.cgi) that can cause a stack-based buffer overflow. The issue can be triggered remotely and an exploit has been published. The connected source...
CVE-2026-2499
CVE-2026-2499 affects the WordPress Custom Logo plugin (
WordPress Custom Logo plugin <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability
Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Custom Logo versions <= 2.2...
CVE-2026-27615
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention (UNC) path in the application's settings file. This...
PT-2026-20314
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download path' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the WP...
CVE-2024-58286
dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation...
Command Injection
Overview: chromedriver is a ChromeDriver for Selenium. Affected versions of this package are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. Note: An attack...
NetworkManager: Profile with match.path setting triggers crash
A flaw was found in NetworkManager. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability...
File Manager < 3.1 - CSRF to Stored Cross-Site Scripting
The plugin is lacking CSRF as well as sanitisation checks, allowing attackers to perform CSRF attacks against logged in administrators and set an XSS payload in the publicpath setting. PoC...
CVE-2017-18094
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured fi...