🚨 CVE-2026-21851
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue.
@cveNotify
GitHub
Fix Zip Slip vulnerability in NGC private bundle download (#8682) · Project-MONAI/MONAI@4014c84
Replaced the unsafe `zipfile.extractall()` in
`_download_from_ngc_private` with MONAI's safe extraction utility.
Prevents path traversal via crafted zip member paths (CWE-22).
🚨 CVE-2026-21857
REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue.
@cveNotify
GitHub
Release Version 5.20.2 · redaxo/redaxo
REDAXO-Core 5.20.2 – 05.01.2026
Bugfixes
rex_editor: PHP 8.5 sometimes produced deprecation warnings (@gharlan)
Updated EOL dates for PHP/MySQL/MariaDB (@gharlan)
backup 2.9.4 – 05.01.2026
🚨 CVE-2017-20212
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has released a new security note: FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures
🚨 CVE-2017-20213
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has released a new security note: FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure
🚨 CVE-2017-20214
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has released a new security note: FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials
🚨 CVE-2017-20215
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has released a new security note: FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
🚨 CVE-2017-20216
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC).
@cveNotify
Cxsecurity
FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root - CXSecurity.com
Gjoko 'LiquidWorm' Krstic has released a new security note: FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root
🚨 CVE-2019-25231
devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot.
@cveNotify
Cxsecurity
devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation - CXSecurity.com
Stefan Petrushevski has released a new security note: devolo dLAN Cockpit 4.3.1 Unquoted Service Path Privilege Escalation
🚨 CVE-2019-25259
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.
@cveNotify
Ibmcloud
IBM X-Force Exchange
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2019-25268
NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code.
@cveNotify
Cxsecurity
NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution - CXSecurity.com
LiquidWorm has released a new security note: NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution
🚨 CVE-2019-25270
SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to execute arbitrary HTML and script code in a victim's browser session.
@cveNotify
Cxsecurity
SOCA Access Control System 180612 Cross Site Scripting - CXSecurity.com
LiquidWorm has released a new security note: SOCA Access Control System 180612 Cross Site Scripting
🚨 CVE-2019-25277
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing attacks.
@cveNotify
Cxsecurity
FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting - CXSecurity.com
LiquidWorm has released a new security note: FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting
🚨 CVE-2019-25278
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.
@cveNotify
Ibmcloud
IBM X-Force Exchange
🚨 CVE-2019-25279
FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication.
@cveNotify
Ibmcloud
IBM X-Force Exchange
🚨 CVE-2019-25280
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions.
@cveNotify
Cxsecurity
Yahei-PHP Prober 0.4.7 HTML Injection - CXSecurity.com
LiquidWorm has released a new security note: Yahei-PHP Prober 0.4.7 HTML Injection
🚨 CVE-2019-25282
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect mechanism.
@cveNotify
Cxsecurity
V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation - CXSecurity.com
LiquidWorm has released a new security note: V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation
🚨 CVE-2019-25284
V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim's browser session.
@cveNotify
Cxsecurity
V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting - CXSecurity.com
LiquidWorm has released a new security note: V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting
🚨 CVE-2026-21868
Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile API endpoint (/api/user/[username]). The application constructs a regular expression dynamically using unescaped user input (the username parameter). An attacker can exploit this by sending a specially crafted username containing regex meta-characters (e.g., deeply nested groups or quantifiers), causing the MongoDB regex engine to consume excessive CPU resources. This can lead to Denial of Service for other users. The issue is fixed in version 2.3.3. To work around this issue, implement a Web Application Firewall (WAF) rule to block requests containing regex meta-characters in the URL path.
@cveNotify
GitHub
ReDoS Vulnerability in User Profile Lookup
🚨 CVE-2026-21877
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.
@cveNotify
GitHub
fix(Git Node): Throw an error if the repository path is blocked (#22253) · n8n-io/n8n@f4b009d
🚨 CVE-2026-22035
Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311.
@cveNotify
GitHub
Merge commit from fork · greenshot/greenshot@5dedd5c
* Sanitize External Command Arguments in Order to Avoid OS Command Injection
* Update Change Log
* Update Change Log