10947 matches found
CVE-2026-45668 Trilium Notes : Note Import to RCE via #docName Path Traversal (Safe Import Enabled)
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...
CVE-2026-45668
CVE-2026-45668 affects Trilium Notes prior to 0.102.2. A malicious ZIP imported with Safe Import enabled can lead to remote code execution via a #docName path traversal and XSS by combining a payload note (type: code, mime: text/plain) containing HTML/JS with a trigger note (type: doc or launcher...
CVE-2026-45668
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...
EUVD-2026-33376
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...
GHSA-HWC4-GMRW-5222 Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename
Summary filepath.Base on the Linux container does not strip backslashes , because \ is only a path separator on Windows. A multipart filename like ........\Windows\System32\evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route...
Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename
Summary filepath.Base on the Linux container does not strip backslashes , because \ is only a path separator on Windows. A multipart filename like ........\Windows\System32\evil.pdf survives Gotenberg's input sanitisation and lands verbatim as the zip entry name when a multi-output route...
CVE-2026-39276
The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...
OESA-2026-2497 python-pip security update
%changelog Thu Apr 9 2026 yixiangzhike [email protected] - 23.3.1-10 - Fix CVE-2026-25645 Security Fixes: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavio...
CVE-2026-9559
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...
CVE-2025-41280
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...
CVE-2026-9508
Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...
EUVD-2026-33282
Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...
CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar
Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...
CVE-2025-41280
CVE-2025-41280 affects Waterfall WF-500 RX Host (version 7.9.1.0 R2502171040). The vulnerability is a CWE-23 Relative Path Traversal (Zip Slip) in the MySQL connector scenario when file compression is enabled, allowing a user with access to the TX Host to execute code on the RX Host. Documented i...
CVE-2025-41280
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...
CVE-2025-41280
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...
CVE-2025-41280
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...
EUVD-2025-210000
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...
CVE-2026-9559
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...
📄 Grav CMS Shell Upload
The Grav CMS Direct Install feature in the Admin plugin allows administrators to upload plugins as ZIP files. The system failed to adequately validate the contents of the ZIP archive or prevent path traversal Zip Slip during extraction. By crafting a malicious plugin that hooks into Grav events...