Lucene search
K

141 matches found

Snyk
Snyk
added 2026/02/17 6:53 p.m.3 views

Directory Traversal

Overview github.com/labstack/echo/middleware is a middleware package for echo. Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static root, ...

6.9CVSS6.5AI score0.00329EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/17 6:53 p.m.3 views

Directory Traversal

Overview github.com/labstack/echo/v5/middleware is a middleware package for echo. Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static roo...

6.9CVSS6.5AI score0.00329EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/26 9:50 p.m.5 views

EUVD-2026-4657

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators...

6.5CVSS5.9AI score0.00433EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.9 views

PT-2026-4824

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.28.1 Description A path traversal flaw exists in pnpm's tarball extraction process on Windows systems. The vulnerability stems from incomplete path normalization, specifically failing to account for . in addition to ....

6.5CVSS5.9AI score0.00433EPSS
Exploits1References11
NVD
NVD
added 2025/12/31 1:15 a.m.1 views

CVE-2025-11964

On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf16letoutf8truncated can write data beyond the end of the provided buffer...

1.9CVSS0.00102EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/12/31 12:58 a.m.5 views

CVE-2025-11964

On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf16letoutf8truncated can write data beyond the end of the provided buffer...

1.9CVSS5.3AI score0.00102EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/31 12:0 a.m.5 views

PT-2025-54266

Name of the Vulnerable Software and Affected Versions libpcap affected versions not specified Description On Windows operating systems, a buffer overflow can occur when libpcap converts a Windows error message to UTF-8 if the message contains characters requiring 4 bytes in UTF-8 representation...

1.9CVSS6.8AI score0.00102EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/17 8:38 p.m.4 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...

8.5CVSS6AI score0.00233EPSS
Exploits1References2
Snyk
Snyk
added 2025/11/19 9:55 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in ZIP archives. An attacker can exploit this vulnerability by convincing a user to open or extract a crafted ZIP file containing malicious symlinks to unintended directories,...

7.8CVSS7.6AI score0.27017EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.1 views

Mozilla Firefox < 53.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 53.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-14 advisory. - A use-after-free can occur during Buffer11 API calls within the ANGLE graphics library, used for WebGL content. This...

8.8CVSS8.2AI score0.01353EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.6 views

Mozilla Firefox ESR < 78.7.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.7.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-06 advisory. - In the Angle graphics library, depth pitch computations did not take into account the block size and simply...

6.5CVSS7AI score0.00637EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.5 views

Mozilla Firefox < 85.0.1

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 85.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-06 advisory. - In the Angle graphics library, depth pitch computations did not take into account the block size and simply multipli...

6.5CVSS7AI score0.00637EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/18 12:0 a.m.6 views

Mozilla Firefox < 67.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-16 advisory. - A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at ...

6.5CVSS7.6AI score0.01366EPSS
Exploits0References2
OSV
OSV
added 2025/10/20 7:57 p.m.5 views

CVE-2025-62522 vite allows server.fs.deny bypass via backslash on Windows

Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended...

6CVSS6.8AI score0.01031EPSS
Exploits0References4
OSV
OSV
added 2025/10/14 1:15 p.m.2 views

CVE-2025-11713

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...

8.1CVSS5.9AI score0.00334EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/14 12:27 p.m.1 views

CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...

5.9AI score0.00334EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-14513

Malware in sbrugna...

5.5CVSS7.2AI score0.00362EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-3423

Malware in sbrugna...

7.8CVSS8.1AI score0.00228EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-29645

Malicious code in bioql PyPI...

6.5CVSS7.8AI score0.00635EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-54430

Malicious code in bioql PyPI...

8.6CVSS8.5AI score0.00688EPSS
Exploits0References6
Rows per page
Query Builder