Lucene search
16 matches found

OSV
added 2026/06/12 9:16 p.m., 4 views

UBUNTU-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVSS 7.6, AI score 5.7, EPSS 0.00244
Exploits: 1, References: 3

AlpineLinux
added 2026/06/12 8:6 p.m., 5 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

CVSS 7.6, AI score 5.7, EPSS 0.00244
Exploits: 1, References: 1

Snyk
added 2026/04/07 6:15 p.m., 2 views

Information Exposure

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Information Exposure via the connect process. An attacker can obtain sensitive host filesystem paths and deployment metadata by making authenticated requests as a non-admin client...

CVSS 5.3, AI score 5.8, EPSS 0.00215
Exploits: 0, References: 2

RedhatCVE
added 2026/03/07 7:59 a.m., 4 views

CVE-2026-2331

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

CVSS 9.8, AI score 6, EPSS 0.00886
Exploits: 0, References: 1

EUVD
added 2026/03/06 9:31 a.m., 6 views

EUVD-2026-10025

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

CVSS 9.8, AI score 6, EPSS 0.00886
Exploits: 0, References: 7

NVD
added 2026/03/06 8:16 a.m., 7 views

CVE-2026-2331

An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access witho...

CVSS 9.8, EPSS 0.00886
Exploits: 0, References: 6

CVE
added 2026/03/06 7:56 a.m., 18 views

CVE-2026-2331

CVE-2026-2331 describes unauthenticated read/write access to sensitive filesystem areas via AppEngine Fileaccess over HTTP caused by improper access restrictions. A critical filesystem directory was exposed through the HTTP-based file access feature, allowing access without authentication. Impact...

CVSS 9.8, AI score 6, EPSS 0.00886
Exploits: 0, References: 6

CNNVD
added 2026/03/06 12:0 a.m., 5 views

SICK Lector85x and SICK SICK Lector83x Security Vulnerability

SICK Lector85x and SICK SICK Lector83x are a series of QR code image recognition readers developed by the German company SICK. Both devices have security vulnerabilities. These vulnerabilities stem from incorrect access controls. Attackers could potentially perform unauthenticated read and write...

CVSS 9.8, AI score 5.9, EPSS 0.00886
Exploits: 0, References: 6

Vulnrichment
added 2026/03/05 8:38 p.m., 3 views

CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

CVSS 8.5, AI score 5.8, EPSS 0.00304
Exploits: 1, References: 1

EUVD
added 2026/03/05 8:38 p.m., 6 views

EUVD-2026-9879

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

CVSS 8.5, AI score 5.9, EPSS 0.00304
Exploits: 1, References: 1

GithubExploit
added 2024/05/18 11:23 a.m., 79 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 RCE POC A POC for CVE-2024-32002 demonstrating...

CVSS 9, AI score 8.3, EPSS 0.22529
Exploits: 32

seebug.org
added 2014/07/01 12:0 a.m., 14 views

ScozBook 1.1 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7236/info A path disclosure vulnerability has been reported for ScozBook. The issue occurs when a request is made to the view.php script page. Access to sensitive filesystem information may aid an attacker in launching...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Justice Guestbook 1.3 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an attacker in...

AI score 7.1
Exploits: 0

RedHat Linux
added 2007/02/19 7:41 p.m., 4 views

mysql-server create database privilege escalation

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions...

CVSS 3.6, AI score 7.5, EPSS 0.02729
Exploits: 1, References: 4

exploitpack
added 2003/03/29 12:0 a.m., 9 views

ScozBook 1.1 - Full Path Disclosure

ScozBook 1.1 - Full Path Disclosure source: https://www.securityfocus.com/bid/7236/info A path disclosure vulnerability has been reported for ScozBook. The issue occurs when a request is made to the view.php script page. Access to sensitive filesystem information may aid an attacker in launching...

AI score 7.4
Exploits: 0

Exploit DB
added 2003/03/29 12:0 a.m., 24 views

Justice Guestbook 1.3 - Full Path Disclosure

source: https://www.securityfocus.com/bid/7234/info A path disclosure vulnerability has been reported for Guestbook. The issue occurs when a request is made to the cfooter.php3 PHP script page. Access to sensitive filesystem information may aid an attacker in launching further attacks against a...

AI score 7.4
Exploits: 0