Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which allows any editor to delete any snapshot, even without read/write privileges...

AlmaLinux 10 : libpng (ALSA-2026:14790)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:14790 advisory. libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion CVE-2026-33636 Tenable has extracted the...

CVE-2026-8053 FlatBSON Duplicate Field Index Drift

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

CVE-2026-8053 FlatBSON Duplicate Field Index Drift

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

FlatBSON Duplicate Field Index Drift

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

CVE-2026-8108

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

CVE-2026-8108

The CVE concerns Fuji Tellus: its installer adds a kernel driver that grants all users read/write permissions, enabling local privilege escalation. The vulnerability enables an attacker to elevate from user to SYSTEM, with potential impact including privilege abuse and disruption of operations wi...

CVE-2026-8108 Fuji Electric Tellus Exposed Dangerous Method or Function

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

CVE-2026-8108

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

CVE-2026-8108 Fuji Electric Tellus Exposed Dangerous Method or Function

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

GHSA-C38F-WX89-P2XG UltraJSON has a Memory Leak in ujson.dump() on Write Failure

Summary When ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. Code that uses ujson.dumps rather than ujson.dump or...

Missing Release of Memory after Effective Lifetime

Overview ujson is an Ultra fast JSON encoder and decoder for Python Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the objToJSONFile function in objToJSON.c, when a write operation to a file-like object fails and raises an exception. An...

UltraJSON has a Memory Leak in ujson.dump() on Write Failure

Summary When ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operation leaks the full size of the serialized payload. Code that uses ujson.dumps rather than ujson.dump or...

GHSA-3636-H3VX-6465 esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...

esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

CVE-2026-42844 Grav: Low-privileged API users can create super-admin accounts via blueprint-upload

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

EUVD-2025-209805

An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...

HashiCorp Nomad vulnerable to symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

EUVD-2026-29762

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...