467 matches found
CVE-2026-5525
CVE-2026-5525 affects Notepad++ up to version 8.9.3. The issue is a stack-based buffer overflow in the file drop handler (WM_DROPFILES) when dropping a directory path of exactly 259 characters without a trailing backslash. The handler appends a backslash and a null terminator without proper bound...
CVE-2026-5525
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...
CVE-2026-39844 NiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath Sanitization
NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes \ in the upload filename. Applications that construct file paths using file.name a pattern...
CVE-2026-39844 NiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash Bypass of PurePosixPath Sanitization
NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward slashes / as path separators, an attacker can bypass this sanitization on Windows by using backslashes \ in the upload filename. Applications that construct file paths using file.name a pattern...
CVE-2026-39844
CVE-2026-39844 affects NiceGUI prior to 3.10.0, where upload file names are sanitized using PurePosixPath(filename).name. On Windows, backslashes are not treated as path separators by PurePosixPath, allowing attackers to bypass sanitization with backslash-filled filenames. If applications constru...
Ubuntu: Security Advisory (USN-8151-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-8151-1: lambdaisland/uri vulnerability
It was discovered that lambdaisland/uri did not properly sanitize the backslash character in URI strings. An attacker could possibly use this issue to bypass security checks or redirect users...
CVE-2026-34827
A flaw was found in Rack, a modular Ruby web server interface. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted multipart/form-data request. This request, containing numerous parts with lengthy backslash-escaped parameter values, causes the system to consu...
EUVD-2026-18474
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters...
Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
Summary Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticat...
Directory Traversal
Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Directory Traversal due to improper validation of backslashes on...
ANT-2026-9VJ9JJXQ · junrar · Path Traversal
path-traversal medium GHSA-j273-m5qq-6825 Severity Claude high · Security research firm - · Maintainer medium Discovered by Claude Mythos Preview REPORT The report below was sent to the maintainer and sealed at approval. ANT-2026-9VJ9JJXQ: Arbitrary file write due to backslash path traversal...
CVE-2026-33468
Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...
CVE-2026-33442
Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...
CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...
CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...
CVE-2026-33468
Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...
CVE-2026-33468
Kysely (TypeScript SQL query builder) prior to version 0.28.14 is vulnerable to SQL injection when using the MySQL dialect if NO_BACKSLASH_ESCAPES is OFF, due to DefaultQueryCompiler.sanitizeStringLiteral() not escaping backslashes. The issue affects code paths that inline values via ImmediateVal...
CVE-2026-33468 Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's DefaultQueryCompiler.sanitizeStringLiteral only escapes single quotes by doubling them ' → '' but does not escape backslashes. When used with the MySQL dialect where NOBACKSLASHESCAPES is OFF by default, an...
CVE-2026-33442 Kysely has a MySQL SQL Injection via Backslash Escape Bypass in non-type-safe usage of JSON path keys.
Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the sanitizeStringLiteral method in Kysely's query compiler escapes single quotes ' → '' but does not escape backslashes. On MySQL with the default BACKSLASHESCAPES SQL mode, an attacker can inject a backslash...