Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the ToolConfigModel tool and config name handling in the Ruby and Python models. An attacker can write or delete arbitrary files within the shared /plugins directory by supplying tool or config names containi...

EUVD-2026-22716

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

CVE-2026-33737

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexmlloadstring without XXE protection. With LIBXMLNOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...

CVE-2026-21878 BACnet Stack Improperly Limits Pathnames to a Restricted Directory

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...

BACnet Stack 路径遍历漏洞

BACnet Stack is an open-source protocol stack for BACnet, suitable for embedded systems, Linux, MacOS, BSD, and Windows. Versions of BACnet Stack prior to 1.5.0.rc3 contained a path traversal vulnerability. This vulnerability stemmed from the lack of validation for the file writing function,...

CVE-2026-24801

Vulnerability in Ralim IronOS source/Core/BSP/Pinecilv2/blmcusdk/components/ble/blestack/common/tinycrypt/source modules. This vulnerability is associated with program files eccdsa.C. This issue affects IronOS: before v2.23-rc3...

notation-go 安全漏洞

notation-go is a collection of libraries that support signing and verifying OCI artifacts for notaryproject individual developers. A security vulnerability exists in notation-go versions prior to 1.0.0-rc.3, which is caused by an application taking up too much memory when verifying signatures,...

UBUNTU-CVE-2021-3679

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users with CAPSYSADMIN capability could use this flaw to starve the resources causing denial of service...

exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...