USN-8367-1: tar-fs vulnerabilities

It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this issue to write or overwrite files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-12905 It was...

CVE-2025-43534

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock...

PT-2026-5235

Name of the Vulnerable Software and Affected Versions Erugo versions up to and including 0.2.14 Description Erugo is a self-hosted file-sharing platform. An authenticated, low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user-supplied path...

MiracleLinux 8 : java-17-openjdk-17.0.9.0.9-2.el8 (AXSA:2023-6546:18)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6546:18 advisory. OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authenticatio...

RHEL 8 : mariadb:10.5 (RHSA-2026:0336)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0336 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB: mariadb-dump...

CVE-2021-33725

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory...

CVE-2025-11466

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

EUVD-2020-30680

Malware in sbrugna...

EUVD-2015-4234

Malware in sbrugna...

EUVD-2020-30679

Malware in sbrugna...

EUVD-2020-15925

Malware in sbrugna...

EUVD-2020-12730

Malware in sbrugna...

EUVD-2024-0098

Malicious code in bioql PyPI...

EUVD-2022-3622

Malicious code in bioql PyPI...

CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the deletefiles function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to to delete arbitrary...

CVE-2025-51475

Arbitrary File Overwrite AFO in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in os.path.join and lac...

CVE-2025-7359

The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitorgetblock function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary...

CVE-2025-6803

Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability...

WordPress Everest Forms plugin has an unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A security vulnerability exists in the ordPress Everest Forms plugin that stems from insufficient path validation of the deleteentryfiles function, which can be exploited by an...

PT-2025-26822 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: The Everest Forms Pro plugin for WordPress versions up to, and including, 1.9.4 Description: The issue is related to insufficient file path validation in the delete entry files function, allowing unauthenticated attackers to delete arbitrary...