CVE-2026-41693

i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath templates and then read / write the resulting fil...

ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents

Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...

CVE-2026-8108 Fuji Electric Tellus Exposed Dangerous Method or Function

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

CVE-2026-8108

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

HashiCorp Nomad vulnerable to symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVE-2026-8052

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

CVE-2026-42889

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

UBUNTU-CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVE-2026-44225

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

CVE-2026-44225

CVE-2026-44225 (Pulpy) : The vulnerability affects Pulpy, a cross-platform desktop app packager for web apps. Before version 0.1.1, Pulpy injects a pulpy.fs JavaScript API into packaged web apps and the intended sandbox via validateFsPath() is incomplete, allowing a web app to read and write arbi...

CVE-2026-34653 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

CVE-2026-34653 Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

CVE-2025-61624

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions,...

CVE-2026-43912

A flaw was found in Vaultwarden, a Bitwarden-compatible server. A remote attacker with administrative privileges in one organization and low-privileged membership in another could exploit improper enforcement of organization consistency in group management endpoints. This allows the attacker to...

PT-2026-40384

Name of the Vulnerable Software and Affected Versions HashiCorp Nomad versions prior to 2.0.1 HashiCorp Nomad Enterprise versions prior to 2.0.1 Description An issue exists that allows arbitrary file read and write operations on the client host with the privileges of the Nomad process user. This ...

PT-2026-40386

Name of the Vulnerable Software and Affected Versions HashiCorp Nomad exec2 task driver versions prior to 0.1.2 Description The exec2 task driver allows arbitrary file read and write operations on the client host with the privileges of the Nomad process user. This is possible through a symlink...

Fuji Electric Fuji Tellus 安全漏洞

Fuji Electric Fuji Tellus is an interface and control platform for industrial automation and equipment monitoring developed by Fuji Electric in Japan. There is a security vulnerability in Fuji Electric Fuji Tellus, which stems from adding drivers to the kernel during the installation process,...

PT-2026-40422

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

HashiCorp Nomad和HashiCorp Nomad Enterprise 后置链接漏洞

HashiCorp Nomad and HashiCorp Nomad Enterprise are both products from HashiCorp, a company based in the United States. HashiCorp Nomad is a simple and flexible scheduler and orchestrator. It’s used for managing containers and non-containerized applications on both local and cloud environments...