Directory Traversal

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the linkpath parameter during archive extraction. An attacker can overwrite arbitrary files or create malicious symbolic links by crafting a ta...

Directory Traversal

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of the linkpath parameter during archive extraction. An attacker can overwrite arbitrary files or create malicious symbolic links ...

Directory Traversal

Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Directory Traversal via the Docker API endpoints that accept file:// URLs. An attacker can access sensitive files on the server filesystem by submitting crafted...

Directory Traversal

Overview wlc is an A command-line utility for Weblate, translation tool with tight version control integration Affected versions of this package are vulnerable to Directory Traversal via unsanitized component slugs from the Weblate server during multi-translation downloads. An attacker can write...

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

MiracleLinux 4 : subversion-1.6.11-15.AXS4 (AXSA:2015-438:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-438:03 advisory. Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files a...

MiracleLinux 4 : httpd-2.2.15-26.0.1.AXS4 (AXSA:2013-123:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-123:02 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2008-0455 Cross-site scripti...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003576)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003576 advisory. Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selectiv...

MiracleLinux 4 : firefox-31.2.0-3.0.1.AXS4 (AXSA:2014-595:06)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-595:06 advisory. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed wi...

MiracleLinux 3 : gnupg-1.4.5-18.AXS3.1 (AXSA:2014-247:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-247:01 advisory. GnuPG GNU Privacy Guard is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003677)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003677 advisory. Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selectiv...

MiracleLinux 7 : ruby-2.0.0.648-33.0.1.el7.AXS7 (AXSA:2018-2583:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2583:01 advisory. It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploi...

MiracleLinux 4 : spice-gtk-0.20-11.AXS4 (AXSA:2014-014:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-014:01 advisory. Client libraries for SPICE desktop servers. Security issues fixed with this release: CVE-2013-4324 spice-gtk 0.14, and possibly other versions, invokes the...

MiracleLinux 7 : curl-7.29.0-25.0.1.el7.AXS7 (AXSA:2015-843:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-843:01 advisory. curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FIL...

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20034-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20034-1 advisory. - Update to Tomcat 9.0.111 - Security fixes: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753. -...

MiracleLinux 3 : firefox-31.2.0-3.0.1.AXS3 (AXSA:2014-594:07)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-594:07 advisory. Description : Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed wi...

MiracleLinux 4 : php-5.3.3-22.AXS4 (AXSA:2013-117:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-117:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

MiracleLinux 3 : php-5.1.6-43.0.1.AXS3 (AXSA:2014-315:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-315:01 advisory. PHP is an HTML-embedded scripting language that allows developers to write dynamically generated web pages. PHP is ideal for writing database-enabled...

MiracleLinux 3 : httpd-2.2.3-76.0.1.AXS3 (AXSA:2013-45:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-45:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2008-0455 Cross-site scriptin...