Directory Traversal
Overview keras is a high-level neural networks API for Python. Affected versions of this package are vulnerable to Directory Traversal via the keras.utils.get_file API when the extract=True option is used for tar archives. An attacker can write arbitrary files to any location on the...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator
Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.0. Vulnerability Details CVEID: CVE-2025-58767 DESCRIPTION: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need ...
sudo_logsrvd_POC
Proof of Concept (PoC) for the sudo_logsrvd directory traversal ...
Security update for himmelblau
This update for himmelblau fixes the following issues: Update to version 0.7.18+git.0.8485a75. - CVE-2025-58160: tracing-subscriber: untrusted user input containing ANSI escape sequences could be injected into terminal output when logged (bsc#1249013). Patch Instructions: To install this SUSE update u...
SUSE-SU-2025:3869-1 Security update for himmelblau
This update for himmelblau fixes the following issues: Update to version 0.7.18+git.0.8485a75. - CVE-2025-58160: tracing-subscriber: untrusted user input containing ANSI escape sequences could be injected into terminal output when logged (bsc#1249013)...
Improper Neutralization Of Escape, Meta, Or Control Sequences
Apache Tomcat is affected by an Improper Neutralization of Escape, Meta, or Control Sequences vulnerability. The vulnerability is due to Tomcat logging unescaped, user-controlled URL data to console output, and attackers can use specially crafted URLs to inject ANSI escape sequences to manipulate...
The AI-Designed Bioweapon Arms Race
Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they're created: The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the software that is used ...
PT-2025-44451
Name of the Vulnerable Software and Affected Versions IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 21 Description The software contains a directory traversal flaw. A remote attacker can exploit this by sending specially crafted URL requests containing "dot dot" sequences ...
PT-2025-44450
Name of the Vulnerable Software and Affected Versions IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 21 Description The software potentially allows a remote attacker to access files on the system outside of the intended directories. This is achieved by sending a crafted URL...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.1)
The version of AOS installed on the remote host is prior to 7.3.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.1 advisory. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.1)
The version of AHV installed on the remote host is prior to AHV-10.3.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.1 advisory. - A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data...
uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
GHSA-PQHF-P39G-3X64 uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
Directory Traversal
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths...
Exploit for CVE-2020-14882
CVE-2020-14882: Oracle WebLogic Server Remote Code Execut...
Exploit for CVE-2025-55752
CVE-2025-55752: Apache Tomcat Path Traversal Vulnerability A...
MGASA-2025-0250 Updated tomcat packages fix security vulnerabilities
Directory traversal via rewrite with possible RCE if PUT is enabled (CVE-2025-55752). Console manipulation via escape sequences in log messages (CVE-2025-55754). Delayed cleaning of multi-part upload temporary files may lead to DoS (CVE-2025-61795)...
Updated tomcat packages fix security vulnerabilities
Directory traversal via rewrite with possible RCE if PUT is enabled (CVE-2025-55752). Console manipulation via escape sequences in log messages (CVE-2025-55754). Delayed cleaning of multi-part upload temporary files may lead to DoS (CVE-2025-61795)...
Mageia: Security Advisory (MGASA-2025-0250)
The remote host is missing an update for the ...
Security Bulletin: IBM Operational Decision Manager for Sept 2025 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third-party and open source components used in the product for various functions. See the full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2025-27818...