21010 matches found

Snyk
added 2025/11/04 3:31 p.m. | 1 views

Directory Traversal

Overview: dosage is a comic strip downloader and archiver. Affected versions of this package are vulnerable to Directory Traversal via the process of constructing target file names from remote comic sources, where the file extension is derived from the HTTP Content-Type header. An attacker can...

8.8 CVSS | 7.8 AI score | 0.00395 EPSS
Exploits: 0 | References: 2
Gitee
added 2025/11/04 1:52 p.m. | 145 views

autottp

This is a Python wrapper for the PowerShell Empire API, a framework for penetration testing and red teaming. The wrapper provides a simple interface to interact with the Empire API, allowing users to automate tasks and sequences of actions. The wrapper is feature complete as of Empire 1.5.0 and...

6.6 AI score
Exploits: 0
RedHat Linux
added 2025/11/04 8:15 a.m. | 5 views

git: Git does not sanitize URLs when asking for credentials interactively

A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...

4.7 CVSS | 7.2 AI score | 0.00643 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 2025/11/04 12:0 a.m. | 18 views

Apache Tomcat 10.1.0-M1 < 10.1.45 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.109, 10.1.0-M1 prior to 10.1.45 or 11.0.0-M1 prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities: - Console manipulation via escape sequences in log messages (CVE-2025-55754). - Directory...

9.6 CVSS | 8.4 AI score | 0.66535 EPSS
Exploits: 4 | References: 3
Tenable Nessus
added 2025/11/04 12:0 a.m. | 10 views

Apache Tomcat 11.0.0-M1 < 11.0.11 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.109, 10.1.0-M1 prior to 10.1.45 or 11.0.0-M1 prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities: - Console manipulation via escape sequences in log messages (CVE-2025-55754). - Directory...

9.6 CVSS | 8.4 AI score | 0.66535 EPSS
Exploits: 4 | References: 3
Tenable Nessus
added 2025/11/04 12:0 a.m. | 10 views

Apache Tomcat 9.0.0-M1 < 9.0.109 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.109, 10.1.0-M1 prior to 10.1.45 or 11.0.0-M1 prior to 11.0.11. It is, therefore, affected by multiple vulnerabilities: - Console manipulation via escape sequences in log messages (CVE-2025-55754). - Directory...

9.6 CVSS | 8.4 AI score | 0.66535 EPSS
Exploits: 4 | References: 3
IBM Security Bulletins
added 2025/11/03 7:30 p.m. | 11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for 24.0.0-IF007, 24.0.1-IF005 and 25.0.0-IF002

Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF007, 24.0.1-IF005 and 25.0.0-IF002. Vulnerability Details: CVEID: CVE-2025-58057. DESCRIPTION: Netty is an asynchronous...

8.1 CVSS | 6.8 AI score | 0.01058 EPSS
Exploits: 2 | Affected Software: 2
Schneier on Security
added 2025/11/03 12:5 p.m. | 5 views

AI Summarization Optimization

These days, the most important meeting attendee isn’t a person: It’s the AI notetaker. This system assigns action items and determines the importance of what is said. If it becomes necessary to revisit the facts of the meeting, its summary is treated as impartial evidence. But clever meeting...

6.9 AI score
Exploits: 0
Snyk
added 2025/11/01 6:46 a.m. | 3 views

Command Injection

Overview: talkpipe is a Python internal and external DSL for writing generative AI analytics. Affected versions of this package are vulnerable to Command Injection via the talkpipe.util.os.runcommand function, which uses subprocess.Popen with shell=True unsafely. An attacker can execute arbitrary...

9.8 CVSS | 8.1 AI score
Exploits: 0 | References: 3
Snyk
added 2025/11/01 6:38 a.m. | 3 views

Directory Traversal

Overview: mci-py is a Python adapter for MCI. Affected versions of this package are vulnerable to Directory Traversal via the FileExecutor.execute and CLIExecutor.execute functions. An attacker can read, write, or execute files outside of the intended directory. Details: A Directory Traversal attack...

8.7 CVSS | 7.8 AI score
Exploits: 0 | References: 3
Snyk
added 2025/11/01 6:37 a.m. | 3 views

Directory Traversal

Overview: letta is described as "Create LLM agents with long-term memory and custom tools". Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization in the file upload functionality. An attacker can upload and overwrite files outside the intended directory by providi...

8.8 CVSS | 7.7 AI score
Exploits: 0 | References: 3
Snyk
added 2025/11/01 6:35 a.m. | 3 views

Directory Traversal

Overview: InvokeAI is an implementation of Stable Diffusion which provides various new features and options to aid the image generation process. Affected versions of this package are vulnerable to Directory Traversal via the isvalidpath method. An attacker can download arbitrary files via the...

7.5 CVSS | 7.6 AI score
Exploits: 0 | References: 3
IBM Security Bulletins
added 2025/11/01 5:32 a.m. | 7 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2025-41249,CVE-2025-41242)

Summary: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities. These vulnerabilities were remediated. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on...

7.5 CVSS | 7.6 AI score | 0.01916 EPSS
Exploits: 1 | Affected Software: 1
RedhatCVE
added 2025/10/31 8:12 p.m. | 5 views

CVE-2025-3355

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

7.5 CVSS | 6.8 AI score | 0.00441 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/31 8:12 p.m. | 3 views

CVE-2025-3356

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view, overwrite, or append to arbitrary files on the system...

9.8 CVSS | 6.9 AI score | 0.00353 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/10/31 7:8 p.m. | 18 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary: IBM Guardium Data Security Center has addressed these vulnerabilities with an update. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5 CVSS | 7.2 AI score | 0.02164 EPSS
Exploits: 2 | Affected Software: 1
OSV
added 2025/10/31 2:13 p.m. | 13 views

OESA-2025-2563 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.6 CVSS | 7.8 AI score | 0.66535 EPSS
Exploits: 4 | References: 4
OSV
added 2025/10/31 2:12 p.m. | 7 views

OESA-2025-2562 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.6 CVSS | 7.8 AI score | 0.66535 EPSS
Exploits: 4 | References: 4
OSV
added 2025/10/31 2:12 p.m. | 6 views

OESA-2025-2561 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.6 CVSS | 7.8 AI score | 0.66535 EPSS
Exploits: 4 | References: 4
OSV
added 2025/10/31 2:12 p.m. | 7 views

OESA-2025-2560 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

9.6 CVSS | 7.8 AI score | 0.66535 EPSS
Exploits: 4 | References: 4