
21010 matches found

EUVD
added 2025/11/11 3:31 p.m. | 4 views

EUVD-2025-84342

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

CVSS 8.9 | AI score 6.7 | EPSS 0.00126
Exploits: 0 | References: 2

NVD
added 2025/11/11 2:15 p.m. | 11 views

CVE-2025-11697

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

CVSS 8.9 | EPSS 0.00126
Exploits: 0 | References: 1

CVE
added 2025/11/11 1:49 p.m. | 14 views

CVE-2025-11697

The CVE-2025-11697 entry describes a local code-execution vulnerability in Rockwell Automation’s Studio 5000 Simulation Interface exposed via the API. The issue allows a Windows user on the system to perform path-traversal file access, leading to execution of scripts with Administrator privileges...

CVSS 8.9 | AI score 6.8 | EPSS 0.00126
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/11 1:49 p.m. | 2 views

CVE-2025-11697 Studio 5000 ® Simulation Interface Local Code Execution

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

CVSS 8.9 | AI score 6.8 | EPSS 0.00126
Exploits: 0 | References: 1

Cvelist
added 2025/11/11 1:49 p.m. | 8 views

CVE-2025-11697 Studio 5000 ® Simulation Interface Local Code Execution

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

CVSS 8.9 | EPSS 0.00126
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/11 12:0 a.m. | 4 views

PT-2025-46344

A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...

CVSS 8.9 | AI score 7.2 | EPSS 0.00126
Exploits: 0 | References: 2

Hacker One
added 2025/11/10 7:43 p.m. | 24 views

curl: libcurl FTP path normalization flaw allows decoded %2e%2e → CWD .. and directory escape (Path Traversal, CWE-22)

`ftp_parse_url_path` in lib/ftp.c URL-decodes FTP path segments (e.g. %2e%2e) and then splits the decoded path into components using an ad-hoc loop that skips empty components produced by //. The code does not perform canonical path normalization (no stack-based handling of . or ..). As a result, encoded...

AI score 7.3
Exploits: 0

Hacker One
added 2025/11/10 3:11 p.m. | 22 views

curl: SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters

SMTP CRLF Injection Vulnerability in curl/libcurl Vulnerability ID: CURL-SMTP-CRLF-2024 CWE-93: Improper Neutralization of CRLF Sequences Executive Summary curl/libcurl contains a CRLF injection vulnerability in its SMTP implementation that allows attackers to inject arbitrary SMTP commands by...

AI score 7.8
Exploits: 0

RedhatCVE
added 2025/11/10 12:22 p.m. | 3 views

CVE-2025-64494

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | AI score 6.7 | EPSS 0.00152
Exploits: 0 | References: 1

CNNVD
added 2025/11/10 12:0 a.m. | 3 views

OneFlow security vulnerability

Oneflow is a deep learning framework open-sourced by Oneflow. A security vulnerability exists in OneFlow version v0.9.0 that stems from improper input validation and could lead to a segmentation violation when adding Python sequences during broadcast or type conversion...

CVSS 6.5 | AI score 6.5 | EPSS 0.00302
Exploits: 1 | References: 4

The Hacker News
added 2025/11/08 2:29 p.m. | 19 views

Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic

Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances. This...

AI score 6.4
Exploits: 0

NVD
added 2025/11/08 2:15 a.m. | 3 views

CVE-2025-64494

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | EPSS 0.00152
Exploits: 0 | References: 2

Cvelist
added 2025/11/08 1:19 a.m. | 6 views

CVE-2025-64494 Soft Serve does not sanitize ANSI escape sequences in user input

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | EPSS 0.00152
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/08 1:19 a.m. | 3 views

CVE-2025-64494 Soft Serve does not sanitize ANSI escape sequences in user input

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | AI score 6 | EPSS 0.00152
Exploits: 0 | References: 2

CVE
added 2025/11/08 1:19 a.m. | 14 views

CVE-2025-64494

Soft Serve (Charmbracelet/soft-serve) does not sanitize ANSI escape sequences in user input, and does not sanitize git messages in some UI paths. Affected versions are prior to 0.10.0. The issue can enable fake-alert-like output due to unsanitized input, with related cleanup needed in printed git...

CVSS 4.6 | AI score 6.3 | EPSS 0.00152
Exploits: 0 | References: 2

EUVD
added 2025/11/08 1:19 a.m. | 3 views

EUVD-2025-38212

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | AI score 6.2 | EPSS 0.00152
Exploits: 0 | References: 3

OSV
added 2025/11/08 1:19 a.m. | 3 views

CVE-2025-64494 Soft Serve does not sanitize ANSI escape sequences in user input

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | AI score 6.8 | EPSS 0.00152
Exploits: 0 | References: 4

CNNVD
added 2025/11/08 12:0 a.m. | 3 views

Soft Serve security vulnerability

Soft Serve is a self-hostable command-line Git server from Charm Open Source. A security vulnerability exists in Soft Serve versions prior to 0.10.0, which stems from not removing ANSI escape sequences and not cleaning up git messages, which could lead to a fake alert attack...

CVSS 4.6 | AI score 6.3 | EPSS 0.00152
Exploits: 0 | References: 3

Snyk
added 2025/11/07 11:46 p.m. | 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper symlink handling during the mounting process. An attacker can access and read arbitrary files from the virt-launcher pod's file system by creating a symbolic link within a PVC that points to sensitive...

CVSS 7.1 | AI score 6.2 | EPSS 0.0043
Exploits: 1 | References: 2

Snyk
added 2025/11/07 11:46 p.m. | 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper symlink handling during the mounting process. An attacker can access and read arbitrary files from the virt-launcher pod's file system by creating a symbolic link within a PVC that points to sensitive...

CVSS 7.1 | AI score 6.2 | EPSS 0.0043
Exploits: 1 | References: 2