CVE-2021-47749 YouPHPTube <= 7.8 - Directory Traversal
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the...
Directory Traversal
Overview GuardDog is a CLI tool to identify malicious PyPI packages. Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can overwrite arbitrary files and potentially execute code by crafting a malicious archive with path...
jaraco.context Has a Path Traversal Vulnerability
Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The...
Directory Traversal
Overview jaraco.context provides useful decorators and context managers. Affected versions of this package are vulnerable to Directory Traversal via the stripfirstcomponent function. An attacker can access or create arbitrary files outside the intended extraction directory by supplying a crafted tar...
GHSA-58PV-8J8X-9VJ2 jaraco.context Has a Path Traversal Vulnerability
Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in jaraco.context.tarball function. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The...
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. An attacker can upload any file to any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...
GHSA-3558-J79F-VVM6 Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. An attacker can upload any file to any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...
ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
Impact Vulnerability Type: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. Affected Users: Users...
GHSA-562R-8445-54R2 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
Impact Vulnerability Type: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. Affected Users: Users...
xworm-c2-path-traversal
XWorm C2 Path Traversal Vulnerability Affected Versions...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to command injection due to the Netty package (CVE-2025-59419)
Summary Netty is used by DataStage on Cloud Pak for Data as part of the event processing functionality. Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec ...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability has been...
curl: Gopher Protocol Command Injection (SSRF Smuggling)
Summary The curl Gopher protocol handler is vulnerable to command injection through URL-encoded CRLF sequences in the path. This allows an attacker to "smuggle" additional Gopher selectors or arbitrary commands into a single Gopher request. By using %0d%0a in the URL, an attacker can break the...
Security Bulletin: IBM Terracotta affected by Spring Framework vulnerabilities CVE-2022-22965, CVE-2022-22970, CVE-2025-41242
Summary Spring Framework vulnerabilities CVE-2022-22965, CVE-2022-22970, CVE-2025-41242 are addressed in the IBM Terracotta product. Vulnerability Details CVEID:CVE-2022-22965 DESCRIPTION: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) vi...
PT-2026-2366
Name of the Vulnerable Software and Affected Versions Owlfiles File Manager version 12.0.1 Description Owlfiles File Manager version 12.0.1 contains a path traversal issue in its built-in HTTP server. This allows attackers to access system directories by crafting GET requests with directory...
PT-2026-2415
Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1 Description e107 CMS version 3.2.1 has a file upload issue. Authenticated administrators can overwrite server files using path traversal. The issue is located in the Media Manager’s remote URL upload functionality,...
PT-2026-3523
Name of the Vulnerable Software and Affected Versions jaraco.context versions prior to 6.1.0 Description jaraco.context, a software package providing decorators and context managers, contains a path traversal issue in the jaraco.context.tarball function. The issue allows attackers to extract file...
PT-2026-2358
Name of the Vulnerable Software and Affected Versions YouPHPTube versions prior to 7.9 Description The software contains a local file inclusion issue that allows unauthenticated attackers to access arbitrary files. This is possible by manipulating the lang parameter in GET requests. The path...
PT-2026-2360
Name of the Vulnerable Software and Affected Versions CuteEditor for PHP (now referred to as Rich Text Editor) version 6.6 Description The software contains a directory traversal issue in the browse template feature. This allows attackers to write files to arbitrary web root directories by exploiti...
MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.15.el7.AXS7 (AXSA:2025-10986:81)
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10986:81 advisory. ASoC: topology: Clean up route loading CVE-2024-41069 ASoC: topology: Fix references to freed memory CVE-2024-41069 drm/dpmst: Fix MST sideband...