20936 matches found
CRLF Injection
Overview Affected versions of this package are vulnerable to CRLF Injection via the BytesGenerator class in the email module due to unquoted newlines when serializing an email message. An attacker could perform email spoofing, data exfiltration, or content manipulation by injecting malicious CRLF...
Exploit for CVE-2026-24061
CVE-2026-24061 GNU inetutils-telnetd - Remote Authenticati...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the TUF client. An attacker can overwrite arbitrary files on the filesystem by supplying crafted target metadata that causes path traversal outside the intended cache directory. Note: This is only exploitable if...
CVE-2025-69612
A path traversal vulnerability exists in TMS Management Console version 6.3.7.27386.20250818 from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences ../ in the filePath parameter, allowing authenticated users to read...
NodeJS 24.x Path Traversal
NodeJS version 24.x precise Windows path traversal proof of concept exploit that leverages reserved device names. Title: NodeJS 24.x Precise Windows Pat...
Linux Kernel Security Vulnerabilities
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper settings of refcount and delayednode pointer sequences. This vulnerability may lead to...
CVE-2026-21521
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-21521
CVE-2026-21521 affects Copilot and corresponds to an information-disclosure vulnerability caused by improper neutralization of escape, meta, or control sequences. The Red Hat, NVD, Microsoft, EUVD, and other sources consistently describe an unauthorized attacker disclosing information over a netw...
Directory Traversal
Overview apple/container is a tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon. Affected versions of this package are vulnerable to Directory Traversal via the extractContents function. An attack...
Directory Traversal
Overview containerization is a Swift package for running Linux containers on macOS. Affected versions of this package are vulnerable to Directory Traversal via the extractContents function. An attacker can write files to arbitrary user-writable locations on the system by...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to using an image with a metadata.yaml containing templates. An attacker can read or overwrite arbitrary files on the host system, potentially leading to execution of arbitrary commands with elevated privileges, ...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the joinCleanPath function. An attacker can access sensitive information by supplying crafted input that causes traversal outside of intended directories. Details A Directory Traversal attack also known as path...
CVE-2023-7335
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...
CVE-2023-7335 EduSoho < 22.4.7 Arbitrary File Read via classroom-course-statistics
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...
EUVD-2026-4096
EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames parameter to read arbitrary files from the server filesystem,...