CVE-2025-69601

CVE-2025-69601 affects 66biolinks v44.0.0 (AltumCode) in the app’s “Static Sites” feature. A Zip Slip directory traversal occurs when ZIP archives are uploaded, as files are extracted without path validation, allowing traversal sequences (e.g., ../) to write outside the extraction directory. Repo...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the soupmessageheaderssetcontentdisposition function. An attacker can inject arbitrary HTTP headers by supplying specially crafted input containing CRLF sequences to the Content-Disposition header. Remediation A fix w...

CVE-2026-24741

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

CVE-2026-24741

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

CVE-2026-24741

Summary: CVE-2026-24741 affects ConvertX, a self-hosted online file converter. Versions prior to 0.17.0 allow a crafted filename in the POST /delete endpoint to form a filesystem path and call unlink without proper validation, enabling path traversal (e.g., ../) to delete arbitrary files outside ...

EUVD-2026-4739

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

CVE-2026-24741 ConvertX Vulnerable to Arbitrary File Deletion via Path Traversal in `POST /delete`

ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the POST /delete endpoint uses a user-controlled filename value to construct a filesystem path and deletes it via unlink without sufficient validation. By supplying path traversal sequences e.g., ../, an attacker can...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the disabled Rack::Protection module. An attacker can access arbitrary files on the server by sending specially crafted requests that exploit the lack of input validation. This can lead to exposure of sensitiv...

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Data management console

Summary IBM Db2 Data management console has several dependent packages with vulnerabilities. This bulletin describes the upgrades necessary to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This iss...

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

DEBIAN-CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

AZL-76373 CVE-2026-1467 affecting package libsoup for versions less than 3.4.4-12

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

AZL-76398 CVE-2026-1467 affecting package libsoup 3.0.4-12

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

UBUNTU-CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

Exploit for Deserialization of Untrusted Data in Facebook React

!Image Althttps://github.com/AsadAhmad-1337/React-2-Shell/blo...

CVE-2026-1467 Libsoup: libsoup: http header injection via specially crafted urls when an http proxy is configured

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...

CVE-2026-1467

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF Carriage Return Line Feed Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing ...