59 matches found
Casdoor 3.54.1 Arbitrary File Write / Path Traversal
Casdoor versions prior to 3.54.1 suffer from an arbitrary file write vulnerability via a path traversal. This can result in remote code execution via a shell upload or ssh key injection. Exploit Title: Casdoor 3.54.1 - Arbitrary File Write via Path Traversal Date: 2026-05-11 Exploit Author: sixpa...
Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
Exploit Title: Casdoor 3.54.1 - Arbitrary File Write via Path Traversal Date: 2026-05-11 Exploit Author: sixpain Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor Version: 3.54.1 Tested on: Linux / Docker CVE : CVE-2026-6815 """ Casdoor Arbitrary File Write /...
CVE-2026-6815
An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...
CVE-2026-22219 Chainlit < 2.9.4 SQLAlchemy Data Layer SSRF via /project/element
Chainlit versions prior to 2.9.4 contain a server-side request forgery SSRF vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy...
CVE-2026-22219
CVE-2026-22219 affects Chainlit
CVE-2022-26355
Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...
EUVD-2025-34423
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
EUVD-2017-0742
Malware in sbrugna...
EUVD-2024-19942
Malicious code in bioql PyPI...
EUVD-2022-37293
Malicious code in bioql PyPI...
CVE-2025-33061
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
CVE-2025-33060
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
CVE-2025-33055
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
CVE-2025-32720
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally...
CVE-2024-22385
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4...
Security Bulletin: IBM Robotic Process Automation is vulnerable to disclosing sensitive information due to improper privilege management for storage provider types (CVE-2022-34338)
Summary IBM Robotic Process Automation is vulnerable to disclosing sensitive information due to improper privilege management for storage provider types CVE-2022-34338 Vulnerability Details CVEID:CVE-2022-34338 DESCRIPTION: IBM Robotic Process Automation could disclose sensitive information due t...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed several vulnerabilities in Android and Samsung Mobile, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities are in the Android kernel and the ExternalStorageProvider.java, which can lead to local privilege escalation and...
CVE-2024-57960
Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from the Chinese company Huawei. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS that stems from an input validation class vulnerability in the ExternalStorageProvid...
com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +97 more potentially affected by CVE-2024-10270 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=24.0.5)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.1.23, =1.1.28 and more Source cves: CVE-2024-10270 Source advisory: OSV:GHSA-WQ8X-CG39-8MRR...