pretix 安全漏洞

Pretix is a ticketing system developed by the German company Pretix. There is a security vulnerability in Pretix. This vulnerability stems from an API endpoint that does not verify whether the UUID used for downloading corresponds to the file that should be downloaded and whether it belongs to th...

Astra Linux - уязвимость в samba

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker...

WordPress Kubio AI Page Builder plugin <= 2.7.2 - Missing Authorization to Authenticated (Contributor+) Limited File Upload via Kubio Block Attributes vulnerability

Missing Authorization to Authenticated Contributor+ Limited File Upload via Kubio Block Attributes vulnerability discovered by oolongeya - Dreamhack in WordPress Plugin Kubio AI Page Builder versions = 2.7.2...

CVE-2026-34985

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, While the frontend of the media module filters files that the user should not have access to, the...

SICK Lector85x和SICK SICK Lector83x 安全漏洞

SICK Lector85x and SICK SICK Lector83x are a series of QR code image recognition readers developed by the German company SICK. Both devices have security vulnerabilities; these vulnerabilities stem from incomplete execution of the whitelist. Attackers could potentially access the restricted file...

CVE-2026-27636 FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in app/Misc/Helper.php does not include .htaccess or .user.ini files. On Apache servers with AllowOverride All a common configuration, an...

CVE-2026-27636

FreeScout has two combined CVEs affecting prior to 1.8.206. CVE-2026-27636 stems from an incomplete file restriction list: .htaccess and .user.ini are not blocked, allowing an authenticated user to upload a script on Apache with AllowOverride All and potentially achieve Remote Code Execution. CV...

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

UNIX Symbolic Link (Symlink) Following

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink...

Linux Distros Unpatched Vulnerability : CVE-2026-22444

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The create core API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of a...

GHSA-VC2W-4V3P-2MQW Apache Solr: Insufficient file-access checking in standalone core-creation requests

The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

CVE-2018-18406

An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...

CVE-2018-4468

This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files...

CVE-2025-12041

The CVE-2025-12041 entry concerns the WordPress ERI File Library plugin up to version 1.1.0, where a missing capability check on the erifl_file AJAX action allows unauthenticated attackers to download files restricted to specific user roles. Affected software: WordPress ERI File Library plugin (v...

EUVD-2002-0272

Malware in sbrugna...

EUVD-2020-30747

Malware in sbrugna...

EUVD-2018-16254

Malware in sbrugna...

EUVD-1999-0570

Malware in sbrugna...

EUVD-2020-26500

Malware in sbrugna...

EUVD-2020-2471

Malware in sbrugna...