60368 matches found
CVE-2026-4619
Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to write over any file via network...
CVE-2026-4619
CVE-2026-4619 concerns a path traversal vulnerability in NEC Platforms, Ltd. Aterm Series. Multiple sources confirm that an attacker can overwrite arbitrary files over the network, via the affected device’s web/management interfaces. The issue is associated with the NEC Aterm family, and is liste...
SUSE CVE-2019-16227
An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
CVE-2026-33535
A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A local attacker could exploit an out-of-bounds write of a zero byte in the X11 display interaction path. This vulnerability, a type of memory corruption, could lead to a crash of th...
CVE-2026-33536
A flaw was found in ImageMagick, an open-source software for image manipulation. This vulnerability, caused by an incorrect return value, allows a local attacker to write data outside of its intended memory area, known as an out-of-bounds write. The primary consequence of this flaw is a denial of...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal when using a custom frontend. An attacker can write files outside of the intended storage root by crafting a malicious API message when an untrusted frontend is used with syntax or --build-arg BUILDKIT_SYNTAX. Note:...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal in the explodeExtension function. An attacker can access unauthorized files by supplying specially crafted file extensions containing path separators. Details: A Directory Traversal attack also known as path traversal...
CVE-2026-33945
Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like...
Important: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent CVE-2025-71268 In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from...
PT-2026-28584
Name of the Vulnerable Software and Affected Versions: @mobilenext/mobile-mcp versions prior to 0.0.49. Description: The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobile save screenshot and mobile start screen recording tools. The saveTo and output parameters are...
Linux Distros Unpatched Vulnerability : CVE-2026-33945
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is...
AlmaLinux 10 : golang (ALSA-2026:5941)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:5941 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...
AlmaLinux 9 : golang (ALSA-2026:5942)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:5942 advisory. cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url...
CVE-2026-28788
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...
CVE-2026-33945 Arbitrary file write through systemd-creds option
Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like...
CVE-2026-33945
Incus (system container/VM manager) before version 6.23.0 allows privilege escalation via credentials to systemd in the guest. In containers, credentials are passed through a shared directory; an attacker can set a config key like systemd.credential.../../../../../../root/.bashrc, exploiting that...