CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

PT-2026-44047

Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49...

CVE-2025-69600

Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversaries to execute commands via getconfig, and upload through the URL argument, and oracle through the -o flag The Supplier's perspective is that this is caused by Argument Injection in the find command query in rvia 12.6.4392.49...

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

CVE-2026-38945

Raynet rvia 12.6 Update 8 and earlier versions are affected by a command injection due to improper termination of search criteria in Java-based search using the find command. This allows an adversary with local access to execute arbitrary code via a crafted path. The CVSS base score is 7.8 (HIGH)...

CVE-2026-38945

Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of rvia's Java search using the find command...

CVE-2026-44449

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPathfullPath call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script without validation...

CVE-2026-44076

A flaw was found in Netatalk. A local user with high privileges could exploit this vulnerability by injecting shell commands through a crafted volume path. This shell injection could lead to arbitrary code execution, allowing the attacker to gain full control over the affected system...

Astra Linux - уязвимость в apache2

A carefully crafted request URI-path can cause modproxyuwsgi to exceed the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...

CVE-2026-44243

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...

CVE-2026-41059

A flaw was found in OAuth2 Proxy. An unauthenticated attacker can exploit a configuration-dependent authentication bypass by sending a crafted request containing a number sign in the path. This allows the OAuth2 Proxy to incorrectly match a public allowlist rule, leading to the exposure of...

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

CVE-2018-25261 Iperius Backup 5.8.1 Local Buffer Overflow SEH

Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling SEH mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location...

UBUNTU-CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

Linux Distros Unpatched Vulnerability : CVE-2019-25683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying ...

EUVD-2019-20101

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...

CVE-2019-25683

FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...