org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

CVE-2026-2469

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

PT-2026-8388

Name of the Vulnerable Software and Affected Versions Rocket TRUfusion Enterprise versions through 7.10.5 Description Rocket TRUfusion Enterprise through version 7.10.5 has a path traversal issue in the WsPortalV6UpDwAxis2Impl service, accessible via the API endpoint...

ROS-20260216-73-0011

A vulnerability in the io.netty.handler.codec.http.HttpRequestEncoder component of the Netty networking tool is related to the failure to take measures to neutralize CRLF sequences when processing the HttpRequestEncoder parameter. Exploitation of the vulnerability could allow an attacker acting...

Linux Distros Unpatched Vulnerability : CVE-2026-2604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft...

Exploit for CVE-2025-4517

CVE-2025-4517 / CVE-2025-4330 — Python tarfile Data Filter B...

CVE-2026-26187

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

ARGUS

ARGUS - All-seeing Recon & General Unified Security...

ImapEngine affected by command injection via the ID command parameters

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

GHSA-RFQ9-4WCM-64GH ImapEngine affected by command injection via the ID command parameters

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

CVE-2026-2469

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

CVE-2026-2469

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

CVE-2026-2469

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

CVE-2026-2469

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

CVE-2026-2469

CVE-2026-2469 affects directorytree/imapengine prior to 1.22.3. The root cause is improper escaping in ImapConnection.php when constructing IMAP ID commands, allowing injection via id() inputs (quotes or CRLF). Impact includes reading/deleting emails, terminating sessions, or issuing any IMAP com...

SUSE CVE-2026-25996

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

PT-2026-8056

Name of the Vulnerable Software and Affected Versions directorytree/imapengine versions prior to 1.22.3 Description The software contains a flaw due to improper handling of user-supplied data before it is used in IMAP ID commands within the ImapConnection.php file. Specifically, the id function...

ImapEngine 安全漏洞

ImapEngine is an email management interface developed by DirectoryTree. Versions of ImapEngine prior to 1.22.3 contained security vulnerabilities. These vulnerabilities stemmed from the id function in ImapConnection.php, which had improper handling of user input. This could allow attackers to rea...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the verifyRelPath function, which uses strings.HasPrefix to verify that requested paths fall within the configured storage directory. An attacker can access files outside their designated storage boundaries by...

CVE-2026-26187

lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...