Lucene search

6339 matches found

GithubExploit
added 2026/04/27 9:53 a.m., 113 views

DrvEye

drivertool A static-analysis & exploitation-triage toolkit...

5.7 AI score
Exploits: 0

EUVD
added 2026/04/27 8:59 a.m., 2 views

EUVD-2026-25796

Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...

9.8 CVSS, 5.6 AI score, 0.0064 EPSS
Exploits: 0, References: 1

NVD
added 2026/04/27 4:16 a.m., 4 views

CVE-2026-7085

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5 CVSS, 0.00248 EPSS
Exploits: 0, References: 6

CVE
added 2026/04/27 4:0 a.m., 6 views

CVE-2026-7085

Technical details about CVE-2026-7085 are not publicly available in the provided documents. Monitor for updates on the Toonflow-app downloadApp endpoint path traversal; no specifics on affected versions, exploitability, or fixes are provided.

5 CVSS, 5.2 AI score, 0.00248 EPSS
Exploits: 0, References: 6

Cvelist
added 2026/04/27 4:0 a.m., 28 views

CVE-2026-7085 HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5 CVSS, 0.00248 EPSS
Exploits: 0, References: 6

ATTACKERKB
added 2026/04/27 12:0 a.m., 0 views

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

7.5 CVSS, 5.5 AI score, 0.00446 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/04/27 12:0 a.m., 4 views

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

5.5 AI score, 0.00446 EPSS
Exploits: 0, References: 2

EUVD
added 2026/04/27 12:0 a.m., 1 view

EUVD-2026-25862

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

7.5 CVSS, 5.4 AI score, 0.00446 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/27 12:0 a.m., 5 views

PT-2026-35439

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

7.5 CVSS, 5.5 AI score, 0.00446 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/04/27 12:0 a.m., 1 view

PT-2026-35526

Name of the Vulnerable Software and Affected Versions qnabot-on-aws versions prior to 7.3.0 Description Improper use of the static-eval npm package allows an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context. This is achieved by injecting a...

8.6 CVSS, 6 AI score, 0.00433 EPSS
Exploits: 0, References: 7

CVE
added 2026/04/27 12:0 a.m., 6 views

CVE-2026-30351

CVE-2026-30351 describes a path traversal vulnerability in the UI/static component of the LeonVanzyl Autocoder project, specifically at commit 79d02a. An attacker can read arbitrary files by sending crafted URL paths that include traversal sequences. The NVD entry lists a CVSS v3.1 base score of ...

7.5 CVSS, 5.5 AI score, 0.00446 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/04/26 9:15 a.m., 32 views

CVE-2026-7030 Tenda F456 RouteStatic fromRouteStatic buffer overflow

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...

9 CVSS, 0.00632 EPSS
Exploits: 1, References: 5

EUVD
added 2026/04/26 9:15 a.m., 3 views

EUVD-2026-25705

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...

9 CVSS, 6 AI score, 0.00632 EPSS
Exploits: 1, References: 5

ATTACKERKB
added 2026/04/26 9:15 a.m., 1 view

CVE-2026-7030

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and...

9 CVSS, 8.6 AI score, 0.00632 EPSS
Exploits: 1, References: 5, Affected Software: 1

Snyk
added 2026/04/26 7:20 a.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the digestToPath function. An attacker can access or modify files outside the intended directory by supplying crafted input to the digest parameter. Details A Directory Traversal attack also known as path travers...

6.3 CVSS, 6.3 AI score, 0.00908 EPSS
Exploits: 2, References: 2

CNNVD
added 2026/04/26 12:0 a.m., 8 views

Tenda F456 Buffer Error Vulnerability

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer error vulnerability. This vulnerability stems from improper handling of the page parameter in the fromRouteStatic function within the /goform/RouteStatic file, which may...

9 CVSS, 7.7 AI score, 0.00632 EPSS
Exploits: 1, References: 2

OSSF Malicious Packages
added 2026/04/25 5:15 p.m., 5 views

Malicious code in @tw-utils/static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8060c32aabe89eb22a82291f64a25a65a01040bd6aa838ea676e7f500a25f70d The package @tw-utils/static was found to contain malicious code. Source: ghsa-malware 60a80ead8b8afa898624fa960ac7edaf112ac7b55a89001fc4c066971c2c4c...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/04/25 5:15 p.m., 5 views

MAL-2026-3073 Malicious code in @tw-utils/static (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8060c32aabe89eb22a82291f64a25a65a01040bd6aa838ea676e7f500a25f70d The package @tw-utils/static was found to contain malicious code. Source: ghsa-malware 60a80ead8b8afa898624fa960ac7edaf112ac7b55a89001fc4c066971c2c4c...

5.8 AI score
Exploits: 0, References: 1

Fedora
added 2026/04/25 1:53 a.m., 4 views

[SECURITY] Fedora 44 Update: libcgif-0.5.3-1.fc44

A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...

5.3 CVSS, 4.8 AI score, 0.00492 EPSS
Exploits: 0

SUSE CVE
added 2026/04/25 1:39 a.m., 3 views

SUSE CVE-2026-31551

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. syzbot reported static_branch_dec() underflow in aql_enable_write(). [0] The problem is that aql_enable_write() does not serialise concurrent writes to the debugfs. aql_enable_write()...

5.5 CVSS, 5.5 AI score, 0.00123 EPSS
Exploits: 0, References: 3