372 matches found
EUVD-2026-4656
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...
Relative Path Traversal
Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Relative Path Traversal via the commandsFromBin function when performing bin name validation and normalization. An attacker can create or overwrite arbitrary files outside the...
Siri Shortcuts MCP Server: Operating System Command Injection Vulnerability
Siri Shortcuts MCP Server is a tool developed by David as an integrated voice assistant and a context-based protocol server for large models. The Siri Shortcuts MCP Server has a vulnerability related to operating system command injection, which stems from insufficient validation of the shortcutNa...
Containerization security vulnerabilities
Containerization is an open-source Swift container package developed by Apple. There is a security vulnerability in Containerization, which stems from the lack of path name validation before extracting archived members. This vulnerability may allow files to be extracted to any writable location b...
Bdtask Isshue Cross-Site Script Vulnerability
Bdtask Isshue is a multi-store e-commerce shopping cart software developed by Bdtask Inc. Bdtask Isshue has a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of the productname parameter in POST requests sent to /categoryproductsearch, which may lead to...
MiracleLinux 7 : java-11-openjdk-11.0.20.0.8-1.el7 (AXSA:2023-6250:13)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6250:13 advisory. OpenJDK: ZIP file parsing infinite loop 8302483 CVE-2023-22036 OpenJDK: weakness in AES implementation 8308682 CVE-2023-22041 OpenJDK: improper...
CVE-2025-13699
Disclaimer: This data contains information about vulnerable...
CVE-2025-13699
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors m...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
CVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...
Linux Distros Unpatched Vulnerability : CVE-2025-40362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in...
GO-2025-4218 memos lacks file name validation or verification in github.com/usememos/memos
memos lacks file name validation or verification in github.com/usememos/memos...
Path Traversal
io.github.wwwlike, vlife-base is vulnerable to Path Traversal. The vulnerability is due to improper validation of the fileName argument in the create function of SysFileApi.java, which allows a remote attacker to manipulate file paths and perform unauthorized file access via path traversal...
CVE-2025-67819
CVE-2025-67819 affects Weaviate OSS up to version 1.33.4. The issue is caused by lack of validation of the fileName field in the transfer logic, enabling an attacker who can invoke the GetFile method while a shard is in the “Pause file activity” state and the FileReplicationService is reachable t...
EUVD-2025-201721
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
GHSA-QGJP-5G5X-VHQ2 memos lacks file name validation or verification
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...
PT-2025-49571
Name of the Vulnerable Software and Affected Versions usememos memos version 0.25.2 Description A missing check on file names in the Attachment service allows attackers to perform a path traversal attack. This impacts the usememos memos software. Recommendations Update to a newer version that...
CVE-2025-65799
The CVE-2025-65799 entry refers to usememos memos v0.25.2 lacking file name validation in the Attachment service, enabling path traversal. Affected component: github.com/usememos/memos/server/router/api/v1 (Attachment handling). Root cause: missing validation/verification of uploaded file names l...
CVE-2025-65799
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal...