4784 matches found
1Panel SQL Injection - Authenticated
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to...
CVE-2026-58499
EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...
CVE-2026-57217
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, RabbitMQ topic authorization can allow restricted topic writes and binds during metadata-store failures because topic-permission lookup errors from Khepri can collapse to undefined, which the internal backe...
CVE-2026-45203 GPU DDK - rgxfw_hwperf_ufo() re-reads psCmdHeader->ui32CmdSize after initial check, TOCTOU
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45203
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...
CVE-2026-45196
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...
CVE-2026-58499
EverOS is affected by a path-traversal vulnerability in the POST /api/v1/memory/add ingestion endpoint prior to version 1.0.1. The per-message sender_id was not validated as a path-safe identifier, unlike app_id/project_id, and is used as owner_id to build the filesystem path for persisting extra...
CVE-2026-40005
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...
EUVD-2026-42833
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...
CVE-2026-40005
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...
CVE-2026-23562
The CVE-2026-23562 entry concerns RBAC mis-configuration in XAPI. The advisory notes that the PCI passthrough configuration was normally restricted to pool-admin, but one API did not enforce this check, allowing a vm-admin to access unintended host hardware. This is described alongside related RB...
CVE-2026-23561 Multiple RBAC issues in XAPI
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...
CVE-2026-59820
A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. An authenticated user, with specific API route access, could upload a specially crafted skill archive. This archive, containing path traversal entries, would allow files to be written outside of the designated extracti...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
CVE-2026-47826
The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary files and exfiltrate sensitive information. Affected versions: BOSH CLI tool versions prior to v7.10.4...
CVE-2026-54591
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../...
CVE-2026-57248
When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release...