jotty·page 路径遍历漏洞

Jotty·Page is a self-hosted inventory and note management application developed by fccview. Versions of Jotty·Page prior to 1.22.0 contained a path traversal vulnerability. This vulnerability stems from unauthorized path traversal in the /api/appIcons/filename route, which could lead to file...

CVE-2026-40690

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

Exploit for CVE-2026-34070

I Found a Path Traversal Bug in LangChain That Could Leak Your...

GHSA-8MH7-PHF8-XGFM OpenClaw skills.status could leak secrets to operator.read clients

Summary skills.status could disclose secrets to operator.read clients by returning raw resolved config values in configChecks for skill requires.config paths. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.14...

CVE-2026-21315

Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must ope...

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2025-2201)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation...

Linux Distros Unpatched Vulnerability : CVE-2023-22048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.33 and prior. Difficul...

CVE-2024-37005

A maliciously crafted XB file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

CVE-2024-24919 PoC a Proof of Concept of CVE-2024-24919 Read...

USN-6300-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities

William Zhao discovered that the Traffic Control TC subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2022-4269 It was discovered that the NTFS file system...

Avaya Callback Assist 代码问题漏洞

Avaya Callback Assist is a software application from Avaya, USA. With Avaya Callback Assist, contact centers can offer callback options to callers during peak call periods when estimated wait times are highest A code issue vulnerability exists in Callback Assist includes 4.0.x Series 4.7.1.1 prio...

Oracle PeopleSoft Enterprise CS Campus Community Frameworks 安全漏洞

Oracle PeopleSoft Products is a set of enterprise human capital management solutions from Oracle Oracle. The products provide human capital management, financial management, supplier relationship management, and other capabilities. A security vulnerability exists in PeopleSoft Enterprise CS Campu...

UBUNTU-CVE-2020-11867

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there...

CVE-2017-10337

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: Leisure. Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

LXD Container Data Read Vulnerability

LXD is a container for managing applications on Linux-based systems. LXD fails to properly set permissions when creating ZFS pool-based loops, allowing a local attacker to exploit the vulnerability to copy and read data from arbitrary LXD containers...

RedHat Security Advisory RHSA-2009:0341

The remote host is missing updates announced in advisory RHSA-2009:0341. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski...

security flaw

The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...