13 matches found
TP-Link VX800v security vulnerability
The TP-Link VX800v is a VoIP gateway produced by the TP-Link company. The TP-Link VX800v 1.0 version has a security vulnerability. This vulnerability stems from improper parsing of USB HTTP access path links, which may allow custom USB devices to expose the contents of the root file system...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
CVE-2025-63680
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...
CVE-2025-63680
Nero BackItUp (Nero Productline) is affected by a path parsing/UI rendering flaw (CWE-22) that, in conjunction with Windows ShellExecuteW fallback extension resolution, enables arbitrary code execution when a user clicks a crafted entry. The mechanism: create a trailing-dot folder and place a scr...
PT-2025-50994
Name of the Vulnerable Software and Affected Versions macOS Sonoma versions prior to 14.8.3 macOS Tahoe versions prior to 26.1 macOS Sequoia versions prior to 15.7.3 Description A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive...
PT-2025-44830
Name of the Vulnerable Software and Affected Versions macOS versions prior to Sonoma 14.8.2 macOS versions prior to Sequoia 15.7.2 Description A flaw exists in how the operating system parses directory paths. This could allow an application to access sensitive user data due to insufficient path...
CVE-2025-58362
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
PT-2025-36105
Name of the Vulnerable Software and Affected Versions: Hono versions 4.8.0 through 4.9.5 Description: Hono is a Web application framework that provides support for any JavaScript runtime. A flaw exists in the getPath utility function that could allow path confusion and potential bypass of...
firefox: thunderbird: Unsafe attribute access during XPath parsing
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...
CVE-2018-10917
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories...