org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2026-33230 DESCRIPTION: NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development ...

PT-2026-41864

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

ALSA-2026:19155 Important: python-markdown security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:1953-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1953-1 advisory. This update for nginx fixes the following issues Security issues: - CVE-2026-1642: plain text data injection into the response from...

RHEL 10 : python-markdown (RHSA-2026:19155)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:19155 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

TYPO3 Extension Faceted Search 路径遍历漏洞

TYPO3 Extension Faceted Search is an open-source extension for TYPO3 that enables faceted search. TYPO3 Extension Faceted Search has a path traversal vulnerability. This vulnerability stems from the fact that the file indexer does not normalize the configured directory paths. As a result, backend...

RHEL 9 : python-markdown (RHSA-2026:19366)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:19366 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...

PT-2026-41992

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description An issue exists in the handle compose command function within kitty/graphics.c where bounds validation on composition offsets uses unsigned 32-bit arithmetic. This process is subject to integer...

Directory Traversal

Overview @joplin/onenote-converter is an Used to import a OneNote archive into Joplin Affected versions of this package are vulnerable to Directory Traversal via the OneNote importer. An attacker can overwrite arbitrary files on disk by supplying a crafted .one file containing specially crafted...

Exploit for CVE-2026-5203

CVE-2026-5203 — CMS Made Simple ≤ 2.2.22 RCE Path Traversal +...

CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

CVE-2026-45008

phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCEDELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...

CVE-2020-37246

Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal sequences to access...

CVE-2020-37245

Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access files outside the web root by injecting directory traversal sequences. Additionally, the plugin fails to sanitize input fields in publication settings, allowing...

CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

CVE-2026-47090

Claude HUD up to version 0.0.12 is affected by a terminal-injection vulnerability in OSC 8 hyperlink handling. The root cause is constructing OSC 8 sequences from raw cwd and branchUrl values without stripping control characters or encoding embedded values, enabling injection of ANSI codes into t...

EUVD-2026-30801

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...

CVE-2026-47090 Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded values, allowing attackers to inject arbitrary ANSI codes into terminal sessions. Attackers can...