CVE-2026-6670

The Media Sync plugin for WordPress (versions up to 1.4.9) is vulnerable to Path Traversal via the sub_dir and media_items parameters. Due to insufficient validation of user-supplied file paths, attackers with Author-level access or higher can act on files outside the intended uploads directory. ...

PT-2026-41157

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...

PT-2026-40893

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub dir' and 'media items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted...

WordPress plugin Media Sync 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-44194

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution RCE vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...

WordPress Media Sync plugin <= 1.4.9 - Authenticated (Author+) Path Traversal vulnerability

Authenticated Author+ Path Traversal vulnerability discovered by Drew Webber mcdruid in WordPress Plugin Media Sync versions = 1.4.9...

SUSE CVE-2026-43396

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly release the user fence reference to prevent a memory leak. cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0...

CVE-2026-45224

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...

BIT-ARGO-WORKFLOWS-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

PT-2026-40273

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/sync cm.go performs zero authorization checks on all CRUD operations create, read,...

CVE-2026-41161

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time...

CVE-2026-45224

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...

CVE-2026-45224 Crabbox < 0.9.0 Path Traversal via Islo Provider Workspace Resolution

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...

CVE-2026-45224

CVE-2026-45224 – Crabbox

CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...

CVE-2026-42860 Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint

The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the syncproviderdata endpoint in SAMLProviderDataViewSet fetches SAML metadata from a URL stored in SAMLProviderConfig.metadatasource. An authenticated user with the Enterprise Admin ro...

CVE-2026-42860

The CVE-2026-42860 issue affects Open edX Openedx Enterprise Service (edx-enterprise). From 7.0.2 through 7.0.4, the sync_provider_data endpoint retrieves SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated Enterprise Admin can PATCH this field to an arbitrary ...

CVE-2026-42858

Open edX Platform contains a server-side request forgery (SSRF) in the sync_provider_data endpoint of SAMLProviderDataViewSet. An authenticated Enterprise Admin can supply an arbitrary URL via the metadata_url parameter, which is passed to requests.get() in fetch_metadata_xml() without URL valida...

CVE-2026-42858 Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint

Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...

SUSE CVE-2026-43395

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...