Lucene search

101832 matches found

Cvelist · added 1 hour ago

CVE-2026-50699 Frappe Framework 17.0.0-dev - Stored XSS in Auto Repeat dashboard schedule rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto...

CVSS 4.6
Exploits: 0 · References: 2
NVD · added 2 hours ago

CVE-2026-57296

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

CVSS 8.8
Exploits: 0 · References: 1
NVD · added 2 hours ago

CVE-2026-57288

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

CVSS 3.7
Exploits: 0 · References: 1
CVE · added 2 hours ago

CVE-2026-35025

ProFTPD versions affected: 1.3.9b and 1.3.10rc2. Issue: an access control bypass in the RNFR path handling allows authenticated FTP users to bypass Directory ACL restrictions by prefixing paths with /proc/self/root. Root cause: unresolved symlink components in dir_canonical_path() cause dir_check...

CVSS 8.6 · AI score 5.9
Exploits: 0 · References: 3
EUVD · added 2 hours ago

EUVD-2026-38777

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

Exploits: 0 · References: 1
CVE · added 2 hours ago

CVE-2026-57296

The CVE-2026-57296 entry concerns Jenkins External Workspace Manager Plugin, specifically versions 1.3.2 and earlier. The root cause is that the exwsAllocate Pipeline step does not reject path traversal sequences in the custom workspace path, enabling an attacker with Item/Configure permission to...

AI score 6.3
Exploits: 0 · References: 1
Cvelist · added 2 hours ago

CVE-2026-57296

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can...

Exploits: 0 · References: 1
EUVD · added 9 hours ago

EUVD-2026-38707

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tap_ioctl SIOCGIFHWADDR. In the SIOCGIFHWADDR path, tap_ioctl copies 16 bytes of an uninitialised on-stack struct sockaddr_storage to userspace via ifr_hwaddr, but netif_get_mac_address only writes sa_family an...

AI score 5.8
Exploits: 0 · References: 3
EUVD · added 9 hours ago

EUVD-2026-38705

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send. espintcp keeps a single in-flight transmit in ctx->partial. Before building a new skmsg, espintcp_sendmsg first tries to flush that state through espintcp_push_msgs. For blocki...

AI score 5.9
Exploits: 0 · References: 8
CVE · added 9 hours ago

CVE-2026-52929

The CVE-2026-52929 entry concerns the Linux kernel SCTP stream handling. When ADD_OUT_STREAMS is denied, the scheduler may leave removed stream metadata behind, enabling a later re-add to reuse a stale ext and trigger a null-pointer dereference in the scheduler get path. The fix tears down the re...

AI score 5.7
Exploits: 0 · References: 8
CVE · added 9 hours ago

CVE-2026-52917

The CVE-2026-52917 vulnerability affects the Linux kernel SCTP implementation, specifically in the sock_diag dump_one path used by inet_diag. When a transport reference is held, the code can block on lock_sock(sk) and resume after sctp_association_free() marks the association dead and frees its b...

AI score 5.7
Exploits: 0 · References: 8
EUVD · added 9 hours ago

EUVD-2026-38720

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dump_one path. The SCTP exact sock_diag lookup can hold a transport reference, block on lock_sock(sk), and then resume after sctp_association_free() has marked the association dead and freed its bin...

AI score 5.7
Exploits: 0 · References: 8
EUVD · added 10 hours ago

EUVD-2026-38671

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVSS 6.1 · AI score 6
Exploits: 0 · References: 2
Cvelist · added 10 hours ago

CVE-2026-8628 EntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

CVSS 6.1
Exploits: 0 · References: 2
OSV · added 10 hours ago

ROOT-APP-NPM-CVE-2026-4867 CVE-2026-4867 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4867 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

CVSS 7.5 · AI score 5.9 · EPSS 0.00496
Exploits: 0
OSV · added 10 hours ago

ROOT-APP-NPM-CVE-2024-52798 CVE-2024-52798 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2024-52798 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

CVSS 8.7 · AI score 5.4 · EPSS 0.00777
Exploits: 0
OSV · added 10 hours ago

ROOT-APP-NPM-CVE-2024-45296 CVE-2024-45296 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2024-45296 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

CVSS 7.5 · AI score 7.3 · EPSS 0.00932
Exploits: 0
Nuclei · added 13 hours ago

Landray EKP - Path Traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

CVSS 6.9 · AI score 6 · EPSS 0.05597
Exploits: 1 · References: 3
Nuclei · added 13 hours ago

Koha 3.20.1 - Directory Traversal

Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. id: CVE-2015-4632 info: name:...

CVSS 7.5 · AI score 7.3 · EPSS 0.51829
Exploits: 8 · References: 5
Nuclei · added 13 hours ago

esm.sh <= v136 - Arbitrary File Write via Path Traversal

esm.sh <= v136 contains a path traversal caused by improper canonicalization of the X-Zone-Id HTTP header, letting attackers write files outside the intended storage directory; exploitation requires crafted header input. id: CVE-2025-59342 info: name: esm.sh <= v136 - Arbitrary File Write via Path...

CVSS 6.9 · AI score 7.3 · EPSS 0.02829
Exploits: 2 · References: 3