20713 matches found
Directory Traversal
Overview org.webjars.npm:i18next-http-backend is an i18next-http-backend is a backend layer for i18next using in Node.js, in the browser and for Deno. Affected versions of this package are vulnerable to Directory Traversal or other URL manipulation, via unsanitized interpolation of lng and ns...
Directory Traversal
Overview i18next-http-backend is an i18next-http-backend is a backend layer for i18next using in Node.js, in the browser and for Deno. Affected versions of this package are vulnerable to Directory Traversal or other URL manipulation, via unsanitized interpolation of lng and ns values in the...
Directory Traversal
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Directory Traversal via the upload function. An attacker can write arbitrary files to the filesystem and execute remote code by uploading a crafted ZIP archive containing...
Directory Traversal
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Directory Traversal in the restore process. An attacker can write arbitrary files to the filesystem and execute code by uploading a specially crafted ZIP archive containin...
DEBIAN-CVE-2026-35375
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
DEBIAN-CVE-2026-35377
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...
CVE-2026-35375
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
CVE-2026-35377
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...
DEBIAN-CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
DEBIAN-CVE-2026-35346
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
CVE-2026-35346
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
CVE-2026-35375
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
UBUNTU-CVE-2026-35375
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
CVE-2026-35377
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...
CVE-2026-35346
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
UBUNTU-CVE-2026-35377
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...
UBUNTU-CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
UBUNTU-CVE-2026-35346
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...