
21044 matches found

EUVD
added 2025/06/17 6:46 p.m., 9 views

EUVD-2025-18525

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

8.8 CVSS, 7.5 AI score, 0.09237 EPSS
Exploits 3, References 2
Cvelist
added 2025/06/17 6:46 p.m., 12 views

CVE-2025-34510 Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

8.8 CVSS, 0.09237 EPSS
Exploits 3, References 2
CVE
added 2025/06/17 6:46 p.m., 65 views

CVE-2025-34510

Sitecore XP, XM, and XC (versions 9.0–9.3 and 10.0–10.4) are affected by Zip Slip leading to RCE. A remote, authenticated attacker can upload a ZIP with path traversal to write arbitrary files and execute code. Public references describe post-auth exploitation chains (including Metasploit modules...

8.8 CVSS, 8.8 AI score, 0.09237 EPSS
Exploits 3, References 2, Affected Software 4
Schneier on Security
added 2025/06/17 11:8 a.m., 10 views

Where AI Provides Value

If you've worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you're safe for another day. But the fact remains that AI...

7.1 AI score
Exploits 0
Snyk
added 2025/06/17 7:45 a.m., 3 views

Directory Traversal

Overview: python-a2a is a comprehensive Python library for Google's Agent-to-Agent A2A protocol. Affected versions of this package are vulnerable to Directory Traversal via the createworkflow function in the api.py file. An attacker can access or modify files outside the intended directory by...

9.8 CVSS, 7.7 AI score, 0.0071 EPSS
Exploits 1, References 2
Positive Technologies
added 2025/06/17 12:0 a.m., 9 views

PT-2025-25750

Name of the Vulnerable Software and Affected Versions: Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 Description: A Zip Slip vulnerability affects the software. A remote, authenticated attacker can exploit this...

8.8 CVSS, 9.9 AI score, 0.09237 EPSS
Exploits 3, References 9
Oracle linux
added 2025/06/17 12:0 a.m., 12 views

glibc security update

2.28-251.0.3.22 - Forward port of Oracle patches Reviewed-by: David Faust Oracle history: April-14-2025 Cupertino Miranda - 2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string...

7.8 CVSS, 8.1 AI score, 0.8833 EPSS
Exploits 43
RedhatCVE
added 2025/06/16 10:23 p.m., 7 views

CVE-2025-32799

Conda-build contains commands and tools to build Conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. This flaw allows attackers to craft tar archives containing entries with...

9.8 CVSS, 7.2 AI score, 0.01265 EPSS
Exploits 1, References 2
NVD
added 2025/06/16 9:15 p.m., 12 views

CVE-2025-32799

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

9.8 CVSS, 0.01265 EPSS
Exploits 1, References 4
Vulnrichment
added 2025/06/16 8:23 p.m., 4 views

CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

6.1 CVSS, 7.3 AI score, 0.01265 EPSS
Exploits 1, References 4
Cvelist
added 2025/06/16 8:23 p.m., 14 views

CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

6.1 CVSS, 0.01265 EPSS
Exploits 1, References 4
CVE
added 2025/06/16 8:23 p.m., 32 views

CVE-2025-32799

CVE-2025-32799 affects conda-build prior to 25.4.0, where tar entry path sanitization allows path traversal (Tarslip) in created/extracted archives. Attacks could overwrite files outside the extraction directory, potentially leading to privilege escalation or code execution. A fix is available in...

9.8 CVSS, 7.9 AI score, 0.01265 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2025/06/16 8:23 p.m., 5 views

CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

6.1 CVSS, 7.9 AI score, 0.01265 EPSS
Exploits 1, References 6
Snyk
added 2025/06/16 3:32 p.m., 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the downloading and installation of Xuggler. An attacker can add files to arbitrary locations on the server and/or download and execute arbitrary files from the download server by manipulating the...

9.8 CVSS, 7.9 AI score, 0.00576 EPSS
Exploits 0, References 2
AstraLinux
added 2025/06/16 11:28 a.m., 6 views

Astra Linux – Vulnerability in Ruby-Rack

Rack provides an interface for developing web applications in Ruby. Before versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static could serve files under the specified root: even if urls: was provided. This might lead to unexpected access to other files under the same root: directory. The vulnerabilit...

7.5 CVSS, 7 AI score, 0.01068 EPSS
Exploits 0, References 3
IBM Security Bulletins
added 2025/06/16 5:33 a.m., 3 views

Security Bulletin: LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code, affect watsonx.data

Summary LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended for server-side color lookup contains a flaw allowing a client to send color-name requests with a name longer than the maximum si...

9.8 CVSS, 7.8 AI score, 0.10634 EPSS
Exploits 2, Affected Software 1
Tenable Nessus
added 2025/06/16 12:0 a.m., 7 views

TencentOS Server 4: git (TSSA-2025:0090)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0090 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.3 CVSS, 7.6 AI score, 0.10047 EPSS
Exploits 2, References 3
Tenable Nessus
added 2025/06/16 12:0 a.m., 6 views

TencentOS Server 3: subversion (TSSA-2022:0178)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0178 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5 CVSS, 7 AI score, 0.37516 EPSS
Exploits 1, References 4
Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 3: python-cryptography (TSSA-2022:0083)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0083 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.1 CVSS, 7.7 AI score, 0.06718 EPSS
Exploits 1, References 3
Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 3: mingw-expat (TSSA-2023:0142)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0142 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8 CVSS, 8.5 AI score, 0.33936 EPSS
Exploits 2, References 8