7.1
CVE-2026-40518 - ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode
ByteDance DeerFlow before commitย 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory creatโฆ
8.8
CVE-2026-3464 - WP Customer Area <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Read/Deletion via ajax_attacโฆ
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authenticated attackers with a role that an administrator gโฆ
7.3
CVE-2026-21733 - RESERVED
Vulnerability in Imagination Technologies Graphics DDK on Linux, Android --ย RESERVED
7.8
CVE-2026-40516 - OpenHarness SSRF via web_fetch and web_search
OpenHarness before commitย bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper validation of target addresses. Attackers can influence an โฆ
8.7
CVE-2026-40515 - OpenHarness Permission Bypass via grep and glob root argument
OpenHarness before commitย bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not properโฆ
6.7
CVE-2026-21709 -
A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement.
5.3
CVE-2026-6497 - prasathmani TinyFileManager File Upload filemanager.php server-side request forgery
A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the component File Upload Handler. This manipulation of the argument uploadurl causes server-side request forgโฆ
9.3
CVE-2026-6284 - Horner Automation Cscape and XL4, XL7 PLC Weak password requirements
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters makes brute force password enumeration possible.
5.3
CVE-2026-6496 - prasathmani TinyFileManager POST Parameter filemanager.php path traversal
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file[] results in path traversal. The attack may be performed from remote. The exploit has been โฆ
5.8
CVE-2026-41153 -
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file