Lucene search

20544 matches found

CVE
added 2026/05/13 2:22 p.m. | 9 views

CVE-2020-37219

Joomla extension com_fabrik 3.9.11 contains a directory traversal vulnerability in image.php that lets unauthenticated attackers enumerate arbitrary files. By manipulating the folder parameter in onAjax_files, attackers can use path traversal sequences to list files in system directories outside ...

CVSS 8.7 | AI score 5.9 | EPSS 0.00332
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/13 2:22 p.m. | 5 views

CVE-2020-37219 Joomla com_fabrik 3.9.11 Directory Traversal via image.php

Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories...

CVSS 8.7 | AI score 5.9 | EPSS 0.00332
Exploits: 0 | References: 4
Cvelist
added 2026/05/13 2:22 p.m. | 27 views

CVE-2020-37219 Joomla com_fabrik 3.9.11 Directory Traversal via image.php

Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories...

CVSS 8.7 | EPSS 0.00332
Exploits: 0 | References: 4
Snyk
added 2026/05/13 10:41 a.m. | 6 views

Generation of Error Message Containing Sensitive Information

Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information...

CVSS 8.6 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 2
Microsoft CVE
added 2026/05/13 8:5 a.m. | 6 views

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

...

CVSS 7.5 | AI score 5.8 | EPSS 0.00026
Exploits: 0
Friends Of PHP
added 2026/05/13 7:0 a.m. | 26 views

Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs

Summary Composer leaks the full contents of tokens configured as GitHub OAuth tokens if they do not match Composer's expected format for such tokens to stderr. GitHub has introduced a new format for GitHub Actions GITHUB_TOKEN values. These tokens are validated in the same way by Composer on GitHu...

AI score 5.7 | EPSS 0.00079
Exploits: 0 | Affected Software: 1
EUVD
added 2026/05/13 12:48 a.m. | 6 views

EUVD-2026-29850

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

CVSS 7.6 | AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 5
CNNVD
added 2026/05/13 12:0 a.m. | 6 views

fast-xml-parser Security Vulnerability

fast-xml-parser is an open-source library developed by Natural Intelligence. It is used for quickly validating, parsing, and constructing XML documents without relying on C/C++-based libraries or callbacks. A security vulnerability exists in the version 1.1.5 of fast-xml-parser. This vulnerabilit...

CVSS 6.1 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 1
CNNVD
added 2026/05/13 12:0 a.m. | 7 views

protobuf.js Security Vulnerability

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through .proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...

CVSS 5.3 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1
CNNVD
added 2026/05/13 12:0 a.m. | 9 views

Angular Path Traversal Vulnerability

Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular versions prior to 19.0.0-next.0, 20.3.25, 21.2.9, and 22.0.0-next.7 contain a path traversal vulnerability. This...

CVSS 6.9 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/13 12:0 a.m. | 2 views

CentOS 9 : python-markdown-3.3.4-5.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python-markdown-3.3.4-5.el9 build changelog. - Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an...

CVSS 7.5 | AI score 7.3 | EPSS 0.00385
Exploits: 1 | References: 2
Packet Storm News
added 2026/05/13 12:0 a.m. | 5 views

Memory Forensics Techniques for Automated Detection and Analysis of Go Malware

The Go programming language has become increasingly popular among malware developers due to its ability to produce statically linked, cross-platform executables that challenge traditional analysis techniques. These binaries embed a substantial runtime and compiler-generated metadata and are...

AI score 5.9
Exploits: 0
Positive Technologies
added 2026/05/13 12:0 a.m. | 9 views

PT-2026-40620

Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directori...

CVSS 8.7 | AI score 5.9 | EPSS 0.00332
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/13 12:0 a.m. | 10 views

PT-2026-44988

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.44.0 Description When the server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. Because the validity check is field value is performed before decoding,...

CVSS 9.9 | AI score 5.8 | EPSS 0.00056
Exploits: 1 | References: 14
Positive Technologies
added 2026/05/13 12:0 a.m. | 5 views

PT-2026-40672

Name of the Vulnerable Software and Affected Versions BIG-IP SSL Orchestrator affected versions not specified Description A directory traversal issue allows an authenticated attacker with high privileges to overwrite, delete, or corrupt arbitrary local files. Directory traversal is a flaw that...

CVSS 6.9 | AI score 5.9 | EPSS 0.00324
Exploits: 0 | References: 3
Microsoft Secure
added 2026/05/12 10:53 p.m. | 8 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article 1. Core Idea: From TTPs to Logs 2. Approaches for Synthetic Attack Log Generation 3. Evaluation Datasets 4. References 5. Learn more Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

AI score 5.8
Exploits: 0
Microsoft Secure
added 2026/05/12 10:53 p.m. | 12 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article 1. Core Idea: From TTPs to Logs 2. Approaches for Synthetic Attack Log Generation 3. Evaluation Datasets 4. References 5. Learn more Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

AI score 5.8
Exploits: 0
Snyk
added 2026/05/12 10:23 p.m. | 3 views

Directory Traversal

Overview sillytavern is an LLM Frontend for Power Users. Affected versions of this package are vulnerable to Directory Traversal via the extensionName parameter in the POST /api/extensions/delete endpoint when input is not properly sanitized before validation. An attacker can cause permanent deleti...

CVSS 9.1 | AI score 6.3 | EPSS 0.00096
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/12 10:22 p.m. | 4 views

esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

Summary A Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process. Details The vulnerable...

CVSS 7.5 | AI score 6 | EPSS 0.00057
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2026/05/12 10:22 p.m. | 2 views

GHSA-RG65-45M7-HQ57 esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

Summary A Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process. Details The vulnerable...

CVSS 7.5 | AI score 6 | EPSS 0.00057
Exploits: 0 | References: 4