8767 matches found
CVE-2025-70314
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...
CVE-2025-70314
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...
CVE-2026-24895 FrankenPHP affected by Path Confusion via Unicode casing in CGI path splitting allows execution of arbitrary files
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split index for finding .php on a lowercased copy of the request path but applies that byte index to the...
Incorrect Behavior Order: Validate Before Canonicalize
Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended script execution by crafting a request path containing specific multi-byte Unicode characters, which manipulates the...
CVE-2025-70314
CVE-2025-70314 affects webfsd 1.21 and is due to a buffer overflow triggered by a crafted request through the filename variable. Base metrics indicate a CRITICAL impact (CVSS 3.1: HIGH confidentiality, integrity, availability). Publicly documented remediation/patch details are not provided in the...
CVE-2025-70314
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...
webfsd 安全漏洞
Webfsd is a simple HTTP server developed by Farshid Ashouri. Version 1.21 of Webfsd contains a security vulnerability, which stems from a buffer overflow in the filename variable. This vulnerability could potentially trigger a denial-of-service attack through specially crafted requests...
PT-2026-7891
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...
CVE-2025-70314
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...
CVE-2025-70314
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable...
PT-2026-7946
Name of the Vulnerable Software and Affected Versions Deciso OPNsense affected versions not specified Description A flaw exists in the handling of backup configuration files within Deciso OPNsense. The issue stems from insufficient validation of user-provided input before it is used in a system...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gpg2 (SUSE-SU-2026:0434-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0434-1 advisory. Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA...
CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...
CVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...
CVE-2020-37104 ASTPP 4.0.1 VoIP Billing - Database Backup Download
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...
Security update for gpg2
This update for gpg2 fixes the following issues: Security fixes: CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396 Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data "Filename" Field bsc1256389 Patch Instructions:...
SUSE-SU-2026:0434-1 Security update for gpg2
This update for gpg2 fixes the following issues: Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396 - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data 'Filename' Field bsc1256389...
kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
A slab-out-of-bounds exists in the linux kernel in efivarfsdcompare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...
CVE-2025-70085
OpenSatKit 2.2.1 is affected by a stack-based buffer overflow in EventErrStr (256-byte) caused by unsafe sprintf usage when formatting two filenames into the buffer (Source1Filename and FileUtil_FileStateStr). Affected functions include FILE_ConcatenateCmd() and ConcatenateFiles() in file.c, with...
PT-2026-7630
Name of the Vulnerable Software and Affected Versions OpenSatKit version 2.2.1 Description The software contains a buffer overflow issue due to the use of sprintf without proper length checking when formatting filenames into the EventErrStr buffer. The EventErrStr buffer is fixed at 256 bytes. Th...