113 matches found
Directory Traversal
Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Directory Traversal
Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
CVE-2026-44729
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
When Vitest UI server is listening, arbitrary file can be read and executed
Summary Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. Impact Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network using --api.host or api.host config opti...
PT-2026-45492
Name of the Vulnerable Software and Affected Versions Vitest versions prior to 4.1.0 Description A flaw in the UI/API server on Windows allows remote attackers to bypass file access restrictions and read arbitrary files when the server is exposed to the network. The issue occurs because the API...
Directory Traversal
Overview taipy is an A 360° open-source platform from Python pilots to production-ready web apps. Affected versions of this package are vulnerable to Directory Traversal via the ElementLibrary.getresource function. An attacker can access files outside the intended directory by sending crafted GET...
CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
CVE-2026-44729
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)
Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...
CVE-2026-44729
Twenty CRM versions 1.18.0 and earlier expose file serving endpoints at /files/* and /file/:fileFolder/:id that serve uploaded files via fileStream.pipe(res) without Content-Type, Content-Disposition, or X-Content-Type-Options headers. An authenticated attacker can upload an HTML file containing ...
CVE-2026-44259 efw4.X: Stored XSS via previewServlet
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the digestToPath function. An attacker can access or modify files outside the intended directory by supplying crafted input to the digest parameter. Details A Directory Traversal attack also known as path travers...
CVE-2026-34826
A flaw was found in Rack. A remote attacker can exploit this by sending a specially crafted HTTP Range header containing numerous small, overlapping byte ranges. This can cause disproportionate consumption of CPU, memory, I/O, and bandwidth resources. The result is a Denial of Service DoS conditi...
Rack's multipart byte range processing allows denial of service via excessive overlapping ranges
Summary Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the file size, it does not restrict the count of ranges. An attacker can supply many...
GHSA-X8CG-FQ8G-MXFX Rack's multipart byte range processing allows denial of service via excessive overlapping ranges
Summary Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the file size, it does not restrict the count of ranges. An attacker can supply many...
GHSA-Q4QF-9J86-F5MH Rack:: Static header_rules bypass via URL-encoded paths
Summary Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...
Rack:: Static header_rules bypass via URL-encoded paths
Summary Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...
Rack's multipart byte range processing allows denial of service via excessive overlapping ranges
Summary Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the file size, it does not restrict the count of ranges. An attacker can supply many...
PT-2026-29815
Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description The Rack::Utils.get byte ranges function parses the HTTP Range header without limiting the number of individual byte ranges. While a previous fix for CVE-2024-26141 prevents ranges...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...