
142 matches found

Nuclei
added 9 hours ago | 58 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

10 CVSS | 7.5 AI score | 0.39335 EPSS
Exploits 1 | References 4
AlpineLinux
added 2026/06/11 6:32 p.m. | 7 views

CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8 CVSS | 5.5 AI score | 0.00201 EPSS
Exploits 0 | References 3
CNNVD
added 2026/05/28 12:00 a.m. | 8 views

Canonical Multipass Security Vulnerability

Canonical Multipass is a virtual instance of Ubuntu developed by Canonical OpenSource. Versions of Canonical Multipass prior to 1.16.3 contained security vulnerabilities. These vulnerabilities stemmed from incomplete fixes to CVE-2025-5199. Five auxiliary binaries were still owned and writable by...

7.8 CVSS | 5.9 AI score | 0.0015 EPSS
Exploits 2 | References 1
ATTACKERKB
added 2026/05/26 12:00 a.m. | 5 views

CVE-2026-48691

FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) + this->as_path_asns.size() * sizeof(uint32_t)' and stores it in a...

6.2 AI score | 0.00308 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/05/26 12:00 a.m. | 11 views

PT-2026-43310

Name of the Vulnerable Software and Affected Versions: FastNetMon Community Edition versions prior to 1.2.10. Description: An integer overflow exists in the BGP AS_PATH attribute encoder. The IPv4UnicastAnnounce::get_attributes function calculates the attribute length and stores it in a uint8_t fiel...

9.8 CVSS | 5.7 AI score | 0.00308 EPSS
Exploits 0 | References 19
NVD
added 2026/04/01 2:16 p.m. | 7 views

CVE-2026-5271

pymanager included the current working directory in sys.path, meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious module in that directory c...

7.8 CVSS | 0.00173 EPSS
Exploits 1 | References 2
Cvelist
added 2026/04/01 1:48 p.m. | 25 views

CVE-2026-5271 Possible to hijack modules in current working directory

pymanager included the current working directory in sys.path, meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious module in that directory c...

5.6 CVSS | 0.00173 EPSS
Exploits 1 | References 1
OSV
added 2026/03/16 6:47 p.m. | 3 views

GHSA-QVVF-Q994-X79V SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write

Summary: POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory, including system paths that enable RCE. Details...

7.6 CVSS | 6 AI score | 0.00434 EPSS
Exploits 1 | References 5
RedhatCVE
added 2026/02/21 1:18 p.m. | 10 views

CVE-2025-59819

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

6.5 CVSS | 5.7 AI score | 0.00393 EPSS
Exploits 0 | References 1
NVD
added 2026/02/20 8:17 a.m. | 6 views

CVE-2025-59819

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

6.5 CVSS | 0.00393 EPSS
Exploits 0 | References 2
CVE
added 2026/02/20 7:58 a.m. | 21 views

CVE-2025-59819

The CVE-2025-59819 entries describe an authenticated arbitrary-file-read vulnerability: an attacker can supply a crafted filepath parameter that is mapped to an internal system path, enabling access to arbitrary files. Multiple sources (NVD, Red Hat, CVE list, Attackerkb, etc.) corroborate the sa...

6.5 CVSS | 5.7 AI score | 0.00393 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/02/20 7:58 a.m. | 4 views

CVE-2025-59819

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

6.5 CVSS | 5.7 AI score | 0.00393 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/02/20 7:58 a.m. | 4 views

CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

6.5 CVSS | 5.5 AI score | 0.00393 EPSS
Exploits 0 | References 2
Cvelist
added 2026/02/20 7:58 a.m. | 31 views

CVE-2025-59819 Authenticated Arbitrary File Read via filepath parameter

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

6.5 CVSS | 0.00393 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/02/20 12:00 a.m. | 5 views

PT-2026-21002

This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path...

6.5 CVSS | 5.7 AI score | 0.00393 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/01/15 12:00 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001820)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001820 advisory. The do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, whi...

5.5 CVSS | 6.9 AI score | 0.00538 EPSS
Exploits 1 | References 14
OSV
added 2025/11/18 6:16 p.m. | 4 views

CVE-2025-63695

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

9.8 CVSS | 6.9 AI score
Exploits 0 | References 2
EUVD
added 2025/11/18 12:00 a.m. | 3 views

EUVD-2025-198056

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php...

6.5 AI score | 0.00342 EPSS
Exploits 1 | References 3
Snyk
added 2025/11/04 3:48 p.m. | 1 view

Improper Validation of Integrity Check Value

Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to the protocDigest parameter being ignored when the protoc executable is sourced from the system PATH. An attacker can bypass integrity verification by placing a malicious protoc binary...

2.5 CVSS | 7.3 AI score
Exploits 0 | References 2
EUVD
added 2025/10/14 6:00 p.m. | 22 views

EUVD-2025-34251

Argo Workflow has a Zipslip Vulnerability...

8.1 CVSS | 6.3 AI score | 0.00539 EPSS
Exploits 1 | References 5