12 matches found

NVD
added 2 days ago, 5 views

CVE-2026-47385

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...

CVSS 5.3, EPSS 0.00324
Exploits: 0, References: 1
Cvelist
added 2026/05/26 5:43 p.m., 29 views

CVE-2026-44668 Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

CVSS 9.8, EPSS 0.00364
Exploits: 0, References: 2
EUVD
added 2026/05/26 5:43 p.m., 14 views

EUVD-2026-31944

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke without checking for a valid session. Four action methods in BoilerPlateConfig perform no local...

CVSS 9.8, AI score 5.8, EPSS 0.00364
Exploits: 0, References: 2
OSV
added 2024/11/22 4:15 p.m., 2 views

CVE-2024-48862

A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the followin...

CVSS 9.8, AI score 5.8, EPSS 0.00927
Exploits: 0, References: 1
OSV
added 2023/08/23 7:15 p.m., 4 views

CVE-2023-20115

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is d...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 1
Positive Technologies
added 2023/08/23 12:00 a.m., 4 views

PT-2023-4593 · Cisco · Cisco Nexus 3000 Series Switches +3

Name of the Vulnerable Software and Affected Versions: Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode (affected versions not specified). Description: A vulnerability in the SFTP server implementation could allow an authenticated, remote attacker to download or...

CVSS 5.5, AI score 5.1, EPSS 0.00439
Exploits: 0, References: 8
CNNVD
added 2022/05/05 12:00 a.m., 3 views

Link following vulnerability in multiple QNAP products

QNAP QuTScloud is a cloud-optimized version of the QNAP NAS operating system from QNAP Systems. A backlink vulnerability exists in QNAP QTS, QuTS hero, and QuTScloud that stems from a link tracking issue. A remote attacker could use this vulnerability to traverse the file system to a...

CVSS 8.1, AI score 7.9, EPSS 0.01392
Exploits: 0, References: 3
BDU FSTEC
added 2020/07/03 12:00 a.m., 4 views

The vulnerability of the CLI component of Cisco Enterprise NFV Infrastructure Software allows an attacker to gain access to the basic operating system and rewrite or read any files they desire.

The vulnerability of the CLI component of Cisco Enterprise NFV Infrastructure Software exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to gain access to the underlying operating system and overwrite or read...

CVSS 7.2, AI score 6.6, EPSS 0.00467
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2020/07/01 3:15 p.m., 2 views

CVE-2020-5906

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP...

CVSS 8.1, AI score 7.3
Exploits: 0, References: 2
OSV
added 2007/03/07 9:19 p.m., 2 views

UBUNTU-CVE-2007-1329

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter the...

CVSS 10, AI score 6, EPSS 0.05165
Exploits: 0, References: 2
Debian CVE
added 2007/03/07 9:00 p.m., 21 views

CVE-2007-1329

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter the...

CVSS 10, AI score 8.2, EPSS 0.05165
Exploits: 0
RedHat Linux
added 2005/02/18 3:28 p.m., 4 views

security flaw

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files...

CVSS 2.1, AI score 5.8, EPSS 0.00556
Exploits: 1, References: 4