Lucene search
5 matches found

Github Security Blog
added 2026/03/26 7:49 p.m. | 4 views

Contrast BadAML injection allows arbitrary code execution

BadAML: BadAML is an AML injection attack that exploits the ACPI interface and allows arbitrary code execution in a confidential VM. The attack was first published in 2024. Impact: An attacker with control over the host, which is assumed in the attacker model of Contrast, can execute malicious AM...

6.5 AI score
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2026/03/10 1:2 a.m. | 3 views

Directory Traversal

Overview: @actual-app/sync-server is an actual syncing server. Affected versions of this package are vulnerable to Directory Traversal in the POST /sync/upload-user-file endpoint due to improper validation of the x-actual-file-id header. An attacker can write files outside the intended directory by...

5.3 CVSS | 6.3 AI score | 0.00018 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/16 6:30 a.m. | 3 views

CVE-2026-0858

A flaw was found in PlantUML. This vulnerability, known as Stored Cross-Site Scripting (XSS), occurs due to insufficient sanitization of interactive attributes within GraphViz diagrams. A remote attacker can exploit this by crafting a malicious PlantUML diagram, which then injects harmful JavaScrip...

6.1 CVSS | 5.6 AI score | 0.00018 EPSS
Exploits: 0 | References: 6
OSV
added 2025/07/11 2:15 p.m. | 0 views

UBUNTU-CVE-2025-51591

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...

3.7 CVSS | 5.8 AI score | 0.00395 EPSS
Exploits: 1 | References: 4
Exploit DB
added 2019/08/26 12:0 a.m. | 286 views

Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass

Windows: SET_REPARSE_POINT_EX Mount Point Security Feature Bypass. Platform: Windows 10 1903, 1809 (not tested earlier). Class: Security Feature Bypass. Summary: The NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn’t support allowing a sandboxed...

7.4 AI score
Exploits: 0