60167 matches found
CVE-2026-42085 OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...
CVE-2026-42080
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...
CVE-2026-42080 PPTAgent: Arbitrary File Write via `save_generated_slides`
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...
CVE-2026-42080
PPTAgent contains an arbitrary file write vulnerability in the component handling slide generation. Prior to commit 418491a, an attacker could write arbitrary files via save_generated_slides. The issue has been patched in commit 418491a. Impact details in the public records indicate a low to medi...
CVE-2026-42080 PPTAgent: Arbitrary File Write via `save_generated_slides`
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...
CVE-2026-42078
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdowntabletoimage. This issue has been patched via commit 418491a...
CVE-2026-42078 PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdowntabletoimage. This issue has been patched via commit 418491a...
CVE-2026-42078
PVE: CVE-2026-42078 affects PPTAgent, an agentic framework for reflective PowerPoint generation. Before commit 418491a, the code path markdown_table_to_image allows arbitrary file write and directory creation. The issue has been patched via commit 418491a. Impact ranges from low to potentially en...
CVE-2026-42078 PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdowntabletoimage. This issue has been patched via commit 418491a...
CVE-2026-42075
Evolver (GEP-powered engine) contains a path traversal vulnerability in the fetch (skill download) command prior to version 1.69.3. The --out= flag accepts user-provided paths without validation, enabling an attacker to write files to arbitrary locations on the filesystem and overwrite sensitive ...
CVE-2026-42075 Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download fetch command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabli...
CVE-2026-42075 Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download fetch command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabli...
EUVD-2026-27033
Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...
CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations
Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...
CVE-2026-42812 Apache Polaris: No protection on `write.metadata.path`
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
CVE-2026-42812
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. write.metadata.path is an optional table property that tells Polaris where to write those metadata files. For a table already registered in a...
mediatek-mt8365-preloader-exploit
Analysis of Preloader Vulnerabilities in MediaTek MT8365 MT81...
JLSEC-2026-394
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
Security Bulletin:ACE Vulnerability in QOS.CH Logback-core 1.5.24: Class Instantiation via Compromised Configuration File
Summary ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...