21004 matches found

Tenable Nessus
added 2025/11/20 12:0 a.m., 6 views

TencentOS Server 4: pcs (TSSA-2025:0255)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0255 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 6.9 AI score, 0.00699 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: unbound (TSSA-2025:0512)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0512 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

4.8 CVSS, 6.2 AI score, 0.00363 EPSS
Exploits 0, References 3

Tenable Nessus
added 2025/11/20 12:0 a.m., 7 views

TencentOS Server 4: tomcat (TSSA-2025:0440)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0440 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8 CVSS, 7.7 AI score, 0.66365 EPSS
Exploits 7, References 4

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: pcs (TSSA-2025:0213)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0213 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 7.1 AI score, 0.01199 EPSS
Exploits 1, References 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: pcs (TSSA-2025:0257)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0257 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 7.5 AI score, 0.01068 EPSS
Exploits 0, References 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: less (TSSA-2024:0610)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0610 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.6 CVSS, 6.7 AI score, 0.01412 EPSS
Exploits 0, References 4

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: libtomcrypt (TSSA-2025:0362)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0362 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.1 CVSS, 7 AI score, 0.03195 EPSS
Exploits 1, References 2

Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 3: git (TSSA-2025:0455)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0455 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.8 CVSS, 7.2 AI score, 0.00494 EPSS
Exploits 1, References 2

Snyk
added 2025/11/19 9:55 p.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in ZIP archives. An attacker can exploit this vulnerability by convincing a user to open or extract a crafted ZIP file containing malicious symlinks to unintended directories,...

7.8 CVSS, 7.6 AI score, 0.27017 EPSS
Exploits 11, References 2

EUVD
added 2025/11/19 9:31 p.m., 5 views

EUVD-2025-198168

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...

6.3 AI score, 0.00465 EPSS
Exploits 1, References 3

Snyk
added 2025/11/19 8:30 p.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the extractPackageTarball function. An attacker can write arbitrary files to unintended locations on the server by supplying a malicious tarball with crafted file paths and leveraging the X-Npmrc header to specify...

9.8 CVSS, 7.5 AI score, 0.00499 EPSS
Exploits 1, References 2

OSV
added 2025/11/19 8:30 p.m., 6 views

GHSA-H3MW-4F23-GWPW esm.sh CDN service has arbitrary file write via tarslip

Summary: The esm.sh CDN service is vulnerable to a Path Traversal (CWE-22) vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths, e.g., package/../../tmp/evil.js. When esm.sh downloads and extracts this package, file...

8.2 CVSS, 7.3 AI score, 0.00499 EPSS
Exploits 1, References 4

Github Security Blog
added 2025/11/19 8:30 p.m., 12 views

esm.sh CDN service has arbitrary file write via tarslip

Summary: The esm.sh CDN service is vulnerable to a Path Traversal (CWE-22) vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths, e.g., package/../../tmp/evil.js. When esm.sh downloads and extracts this package, file...

9.8 CVSS, 7.4 AI score, 0.00499 EPSS
Exploits 1, References 4, Affected Software 1

NVD
added 2025/11/19 8:15 p.m., 5 views

CVE-2025-51661

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...

7.5 CVSS, 0.00465 EPSS
Exploits 1, References 2

OSV
added 2025/11/19 8:15 p.m., 5 views

CVE-2025-51661

A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.savefile method in core/storage.py uses filenames from user input without validation to construct savepath and save...

7.5 CVSS, 6.8 AI score
Exploits 0, References 2

Snyk
added 2025/11/19 8:3 p.m., 5 views

Directory Traversal

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Directory Traversal via a mismatch in path normalization between routing and middleware validation. An attacker can access protected...

6.9 CVSS, 7.7 AI score, 0.0047 EPSS
Exploits 1, References 2

RedhatCVE
added 2025/11/19 5:20 p.m., 7 views

CVE-2025-54972

An improper neutralization of CRLF sequences ('CRLF injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject headers in the response via convincing a user to click on a...

4.3 CVSS, 6.8 AI score, 0.00171 EPSS
Exploits 0, References 1

IBM Security Bulletins
added 2025/11/19 2:30 p.m., 28 views

Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages

Summary: Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details: CVEID: CVE-2005-2541. DESCRIPTION: Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gai...

10 CVSS, 7.8 AI score, 0.73327 EPSS
Exploits 11, Affected Software 1

IBM Security Bulletins
added 2025/11/19 12:57 p.m., 11 views

Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management have been addressed in 2.3 FP12. Vulnerability Details: CVEID: CVE-2024-51504. DESCRIPTION: When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this onl...

9.1 CVSS, 7.8 AI score, 0.04575 EPSS
Exploits 2, Affected Software 1

SonicWall
added 2025/11/19 11:42 a.m., 7 views

SonicWall Email Security Affected By Multiple Vulnerabilities

1. CVE-2025-40604 - Download of Code Without Integrity Check Vulnerability: Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system...

7.2 CVSS, 8.2 AI score, 0.00292 EPSS
Exploits 0