IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.2 RCE (7258224)

The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a remote code execution vulnerability as referenced in the 7258224 advisory. - IBM WebSphere Application Server Liberty could allow a privileged user to upload a zip archive containing path traversal...

EulerOS Virtualization 2.10.0 : aide (EulerOS-SA-2026-1153)

According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability...

PYSEC-2026-114

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

CVE-2020-37041

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

PYSEC-2026-114

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

CVE-2020-37041

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

CVE-2020-37041 OpenCTI 3.3.1 - Directory Traversal

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

CVE-2020-37041

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

CVE-2020-37041

CVE-2020-37041 is confirmed in OpenCTI 3.3.1 to have a directory traversal vulnerability via the /static/css endpoint. An unauthenticated attacker can read arbitrary filesystem files by crafting GET requests containing path traversal sequences (for example, /static/css//../../../../../../../../et...

CVE-2020-37041 OpenCTI 3.3.1 - Directory Traversal

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences e.g., '../' in the URL. For example, requesting...

Directory Traversal

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Directory Traversal via the TechdocsGenerator function when processing documentation from...

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the jsStringEscape function. An attacker can execute arbitrary code in generated files by injecting / sequences that breaks out of JavaScript comment blocks. Note: This vulnerability stems from an...

Orval has Code Injection via unsanitized x-enum-descriptions using JS comments

CVE-2026-23947 had an incomplete fix While the current jsStringEscape function properly handles single quotes ', double quotes " and other characters, it fails to sanitize and / characters. This allows attackers to break out of JavaScript comment blocks using / sequences and inject arbitrary code...

GHSA-GCH2-PHQH-FG9Q Orval has Code Injection via unsanitized x-enum-descriptions using JS comments

CVE-2026-23947 had an incomplete fix While the current jsStringEscape function properly handles single quotes ', double quotes " and other characters, it fails to sanitize and / characters. This allows attackers to break out of JavaScript comment blocks using / sequences and inject arbitrary code...

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a privileged user to...

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.6 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A loc...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF008. Vulnerability Details CVEID:CVE-2019-17543 DESCRIPTION: LZ4 before 1.9.2 has a heap-based buffer overflow in...

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and...

Umbraco.Forms has Path Traversal and File Enumeration Vulnerabilities in Linux/Mac

Impact It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud runs in a Windows environment, Cloud users aren't affected. Patches This issue affect...