CVE-2026-41144

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

EUVD-2026-24577

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

CVE-2026-41144 F´ (F Prime) has Integer Overflow in FileUplink

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

ALPINE-CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

EUVD-2026-24428

Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications component: App Server. Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

CVE-2026-34274

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

CVE-2026-22006

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Employee Snapshot. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2026-40909

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via...

CVE-2026-40909 WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via...

CVE-2026-40909

WWBN AVideo (pre-29.0) contains a path traversal in locale/save.php that concatenates $_POST['flag'] into the target path and writes $_POST['code'] to that path via fwrite(), allowing an attacker with admin access or CSRF to write arbitrary PHP files outside locale/ and achieve Remote Code Execut...

CVE-2026-40909 WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via...

GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay

A flaw was found in GStreamer. This out-of-bounds write vulnerability exists within the rtpqdm2depay element, specifically during the processing of X-QDM Real-time Transport Protocol RTP payload elements. A remote attacker can exploit this by providing malformed user-supplied data to the packetid...

GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay

A flaw was found in GStreamer. This out-of-bounds write vulnerability exists within the rtpqdm2depay element, specifically during the processing of X-QDM Real-time Transport Protocol RTP payload elements. A remote attacker can exploit this by providing malformed user-supplied data to the packetid...

GHSA-VP62-R36R-9XQP Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace...

UNIX Symbolic Link (Symlink) Following

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink...

Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace...

EUVD-2019-20151

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

CVE-2026-41193

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...

CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

DEBIAN-CVE-2026-40611

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...