20762 matches found
GHSA-4753-CMC8-8J9V GoDoxy has a Path Traversal Vulnerability in its File API
Summary The file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Joincommon.ConfigBasePath, filename where ConfigBasePath = "config" a relative path. No sanitization or validation is applied beyond checking that...
GoDoxy has a Path Traversal Vulnerability in its File API
Summary The file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Joincommon.ConfigBasePath, filename where ConfigBasePath = "config" a relative path. No sanitization or validation is applied beyond checking that...
EUVD-2026-14885
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
DEBIAN-CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
ALPINE-CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
UBUNTU-CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
CVE-2026-28753
CVE-2026-28753 affects NGINX Plus and NGINX Open Source through the ngx_mail_smtp_module. The vulnerability arises from improper handling of CRLF sequences in DNS responses, which could allow an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, enabling poten...
CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
CVE-2026-28753
NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty and Expat that are shipped with IBM CICS TX Standard.
Summary Security vulnerabilities may affect IBM WebSphere Liberty and Expat that are shipped with IBM CICS TX Standard CVE-2025-14914, CVE-2022-23990, CVE-2024-28757, CVE-2025-59375 and CVE-2025-12635. IBM WebSphere Liberty and Expat have been updated within IBM CICS TX Standard to address these...
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.
Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...
K000160367: NGINX ngx_mail_smtp_module vulnerability CVE-2026-28753
Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to...
API Security for AI Agents: Why Protection Has Never Been More Important.
For years, a lot of risky APIs survived simply because they were hard to find. They weren’t documented. Only a handful of engineers knew the endpoints. And if an attacker wanted to abuse them, they had to spend real time reverse‑engineering traffic and guessing how things worked. That “security b...
CVE-2026-33195
A flaw was found in Active Storage, a component of Rails applications that manages file attachments. This vulnerability allows an attacker to manipulate file paths by using specially crafted input in blob keys. This manipulation can lead to unauthorized reading, writing, or deletion of arbitrary...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the pathfor function in DiskService. An attacker can read, write, or delete arbitrary files on the server by supplying blob keys containing path traversal sequences like ../. Note: In most cases, blob keys are...