CVE-2025-41242

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

CVE-2025-41242

CVE-2025-41242 is a path traversal vulnerability in Spring Framework MVC when deployed on a non‑compliant Servlet container. An app is at risk if it is WAR‑deployed or uses an embedded container, the container does not reject suspicious URI sequences, and the app serves static resources via Sprin...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2015-5305 DESCRIPTION: Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...

Linux Distros Unpatched Vulnerability : CVE-2024-42010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - modcssstyles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets CSS token sequences in rendered e-mail messages,...

Linux Distros Unpatched Vulnerability : CVE-2022-3775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. ...

Linux Distros Unpatched Vulnerability : CVE-2020-7694

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP...

Exploit for Path Traversal in Rarlab Winrar

PoC for CVE-2025-8088: Path Traversal in WinRAR Vulnerabil...

CVE-2025-54389

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

CVE-2011-10010

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

CVE-2011-10009

S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR Path Traversal Exploit PoC !PoC Demo...

RMSL: Weakly-Supervised Insider Threat Detection with Robust Multi-Sphere Learning

Insider threat detection aims to identify malicious user behavior by analyzing logs that record user interactions. Due to the lack of fine-grained behavior-level annotations, detecting specific behavior-level anomalies within user behavior sequences is challenging. Unsupervised methods face high...

Linux Distros Unpatched Vulnerability : CVE-2023-53048

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: typec: tcpm: fix warning when handle discoveridentity message Since both source and sink device can send discoveridentity message in PD3, kernel may dump...

Linux Distros Unpatched Vulnerability : CVE-2025-38236

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: afunix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in...

SUSE CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

AZL-66297 CVE-2025-54389 affecting package aide for versions less than 0.18.6-2

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

DEBIAN-CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

AZL-66434 CVE-2025-54389 affecting package aide for versions less than 0.16-17

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...