PT-2026-46952

Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory query, exposed through both the CLI service TCP port 9090 and the HTTP JSON-RPC endpoint /jsonrpc.js. The query accepts a folder parameter and lists its contents with no restriction to the...

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...

Astra Linux - уязвимость в firefox, thunderbird

When accessing directory listings for chrome:// URLs as source text, certain parameters are reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the exposure of directory list...

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

Malicious code in dit-envv (npm)

dit-envv is a typosquatting package impersonating dotenv, the widely-used environment variable loader. The package bundles the legitimate dotenv source and documentation to appear functional while hiding a credential-theft payload in index1.js, executed at install time via the postinstall script...

Linux Distros Unpatched Vulnerability : CVE-2026-41324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory...

CVE-2026-41324

A flaw was found in basic-ftp, an FTP client for Node.js. A malicious or compromised remote FTP server can exploit this vulnerability by sending an extremely large or never-ending directory listing response. This can cause the client process to consume an unbounded amount of memory, leading to...

CVE-2026-41324

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

CVE-2026-41324

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

CVE-2026-41324 basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

EUVD-2026-25390

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

PT-2026-34847

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to...

Basic FTP 资源管理错误漏洞

Basic FTP is a Node.js FTP client library developed by Patrick Juchli. Versions of Basic FTP prior to 5.3.0 contained a resource management vulnerability. This vulnerability stemmed from unlimited memory growth when processing directory lists, which could lead to a denial-of-service attack...

GHSA-PR96-94W5-MX2H @fastify/static vulnerable to path traversal in directory listing

Impact @fastify/static v9.1.0 and earlier serves directory listings outside the configured static root when the list option is enabled. A request such as /public/../outside/ causes dirList.path to resolve a directory outside the root via path.join without a containment check. A remote...

Allocation of Resources Without Limits or Throttling

Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the StringWriter method. An attacker can cause excessive memory consumption and...

CVE-2026-6410

A flaw was found in @fastify/static. When directory listing is enabled, a remote unauthenticated attacker can exploit a path traversal vulnerability. This occurs because the dirList.path function incorrectly resolves directories outside the configured static root. Successful exploitation allows t...

Fastify-Static 安全漏洞

Fastify-Static is an open-source plugin developed by Fastify. It is used to deliver static files as quickly as possible. Versions of Fastify-Static from 8.0.0 to 9.1.0 have security vulnerabilities; these vulnerabilities stem from path traversal when directory listings are enabled, which may lead...

PT-2026-33810

Summary [email protected] is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to Client.list, causing the client process to...

EUVD-2026-18380

Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory...