5 matches found
CVE-2026-34790
Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter to /cgi-bin/backup.cgi. The remove ARCHIVE parameter value is used to construct a file path without sanitization of directory traversal sequences,...
CVE-2025-55001 OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...
GSD-2022-1004564 net: atlantic: remove deep parameter on suspend/resume functions
net: atlantic: remove deep parameter on suspend/resume functions. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.132 by commit...
PT-2021-21126 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36
Description: An issue was discovered in the Translate extension where the Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set. This allows users with t...
Override vulnerability in the remove parameter of Cicada Knowledge Enterprise Portal and Ranch Collaboration Management System.
Cicada Knowledge Enterprise Portal System is a website content management system, and Ranch Coworking Management System is an enterprise coworking system. An override vulnerability exists in the remove parameter of Cicada Knowledge Enterprise Portal System and Ranzhi Collaboration Management...