CVE-2026-42317

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, a technician can delete arbitrary files from the filesystem as long as the webserver has write rights on them. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed...

Exploit for Path Traversal in Casbin Casdoor

CVE-2026-6815: Casdoor 3.54.1 Path Traversal & Arbitrary File...

GHSA-M8XG-8XG9-MXHM Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project

This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths PUT /api/projects/id, DELETE /api/projects and modify or delete any project along with all its...

poc-exploit-github-actions-pull-request-write-vuln-demo

No d...

CVE-2026-7774

The CVE-2026-7774 entry concerns tarfile.data_filter in Python's tarfile handling. Crafted link entries, including symlinks with empty or directory-like names, can bypass checks to cause tarfile.extractall() to write files outside the intended extraction directory, limited by the extractor's perm...

CVE-2026-8916

Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635...

CVE-2026-8916

Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635...

EUVD-2026-34238

Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635...

CVE-2026-8916

Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635...

CVE-2026-8916

The CVE-2026-8916 entry concerns Samsung Open Source rlottie with an out-of-bounds write in rlottie prior to the commit dcfde72eae1b0464dc0dd760aec00ada6a148635. The vulnerability is described as affecting rlottie and can lead to buffer overflows, with a CVSS v3.1 score of 6.1 (MEDIUM) and an imp...

CVE-2026-50211

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in Chase-Reply Messages

A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...

CVE-2026-50211 Exposed Factory Testing App Boundaries

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

CVE-2026-50211

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

EUVD-2026-34223

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers...

CVE-2026-50211

Technical details about CVE-2026-50211 are not publicly provided in the supplied documents. Monitor for updates as additional data may reveal affected products, root cause, and mitigations.

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

SUSE CVE-2022-46291

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

CVE-2026-36499

A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...