CVE-2023-4118

A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may ...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

CVE-2023-54258

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential oops in cifsoplockbreak With deferred close we can have closes that race with lease breaks, and so with the current checks for whether to send the lease response, oplockresponse, this can mean that an unmount...

CVE-2023-54280 cifs: fix potential race when tree connecting ipc

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

CVE-2022-50861

In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdrstream conversion inadvertently left some code that set the pagelen of the send buffer. The XDR stream encoders should handle this automatically now. This oversight...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the TkFiles function. An attacker can access files outside the intended directory by submitting specially crafted HTTP request paths containing directory traversal sequences. Details A Directory Traversal attack...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via crafted symbolic links in the repository. An attacker can access sensitive files on the server filesystem by creating and referencing symbolic links that point to arbitrary locations. Details A Directory Traversa...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-28049)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28049 advisory. - NFSD: Define a proclayoutcommit for the FlexFiles layout type Chuck Lever Orabug: 38601819 CVE-2025-40087 - vfs: Don't leak disconnected dentrie...

SUSE CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

CVE-2025-65516

Summary: CVE-2025-65516 is a stored XSS affecting Seafile Community Edition before 13.0.12 when using the Golang file server. An attacker can upload a crafted SVG containing malicious JavaScript and share it via a public link; opening that link triggers script execution in the victim’s browser. A...

CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

EUVD-2025-201190

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

PT-2025-49098

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

USN-7907-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; -...

LIVE555 Streaming Media Null Pointer Dereference Vulnerability

LIVE555 Streaming Media is a cross-platform C++ open source library , focusing on providing solutions for streaming media applications , supporting a variety of standard protocols such as RTP/RTCP, RTSP and SIP. LIVE555 Streaming Media has a null pointer dereference vulnerability that originates...

CVE-2025-65408

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via supplying a crafted ADTS file...

UBUNTU-CVE-2025-65408

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service DoS via supplying a crafted ADTS file...

CVE-2025-13265

The CVE-2025-13265 entry describes a path-traversal weakness in lsFusion Platform (up to 6.1) affecting ZipUtils.java (file server path: ZipUtils.java, unpackFile function). The underlying issue is improper handling in unpackFile that allows path traversal, and the vulnerability can be triggered ...