CVE-2026-43616

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

CVE-2026-43616 Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write

Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal sequences or absolute paths. Attackers can exploit insufficient path normalization during archive...

DIE-engine 安全漏洞

DIE-engine is a file type detection and reverse analysis tool developed by Hors’ individual developer. Versions of DIE-engine prior to 3.21 contained security vulnerabilities. These vulnerabilities were caused by path traversal attacks, allowing attackers to write arbitrary files into the file...

Astra Linux - уязвимость в yelp, yelp-xsl

A flaw was discovered in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability enables malicious users to input help documents, which may result in the exfiltration of user files to an external environment...

Astra Linux - уязвимость в zabbix

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

Astra Linux - уязвимость в apache2

A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for the execution of CGI scripts under an unexpected userid. Users who have access to use the RequestHeader directive in htaccess can exploit this vulnerability. This issue affects Apache HTTP Server versions 2.4....

Astra Linux - уязвимость в firefox, thunderbird

If a document creates a sandboxed iframe without allow-scripts, and then appends an element to the iframe’s document that has a JavaScript event handler—the event handler will still be executed despite the iframe being in a sandbox. This vulnerability affects Firefox versions earlier than 97,...

Astra Linux - уязвимость в chromium

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...

Astra Linux - уязвимость в lxml

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

Astra Linux - уязвимость в zabbix

JavaScript preprocessing, webhooks, and global scripts can lead to uncontrolled utilization of CPU, memory, and disk I/O resources. The ability to preprocess/webhook/configure and test global scripts is only available to Administrative roles Admin and Superadmin. Administrative privileges should...

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

cve-deep-dive

Report Bug · Request Feature Table of Contents a...

Exploit for CVE-2026-31431

copy-fail-fix Per-distro mitigation scripts for CVE-2026-314...

PT-2026-36299

Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

Open Redirect

Overview jupyterlab is a JupyterLab computational environment. Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens and gain unauthorized access to user accounts by convincing a user to open a malicious notebook...

CVE-2026-36761

The CVE-2026-36761 entry documents a stored XSS vulnerability in JeeSite v5.15.1. The flaw resides in the /msg/msgInner/save endpoint, where crafted input in the msgContent parameter can lead to execution of arbitrary web scripts/HTML. The vulnerability is described with a CVSS v3.1 base score of...

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

EUVD-2018-21832

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, downloadxml.pl,...

CVE-2018-25311 VideoFlow Digital Video Protection DVP 2.10 Authenticated Directory Traversal

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 is affected by an authenticated directory traversal vulnerability. An authenticated attacker can disclose arbitrary files by injecting path traversal sequences into the ID parameter when issuing requests to downloadsys.pl, download_xml.pl, download.pl, ...