141 matches found
Directory Traversal
Overview github.com/labstack/echo/middleware is a middleware package for echo. Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static root, ...
Directory Traversal
Overview github.com/labstack/echo/v5/middleware is a middleware package for echo. Affected versions of this package are vulnerable to Directory Traversal in middleware.Static, which allows file reads, when default configuration options are in use. An attacker can read files outside the static roo...
EUVD-2026-4657
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators...
PT-2026-4824
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.28.1 Description A path traversal flaw exists in pnpm's tarball extraction process on Windows systems. The vulnerability stems from incomplete path normalization, specifically failing to account for . in addition to ....
CVE-2025-11964
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf16letoutf8truncated can write data beyond the end of the provided buffer...
CVE-2025-11964
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf16letoutf8truncated can write data beyond the end of the provided buffer...
PT-2025-54266
Name of the Vulnerable Software and Affected Versions libpcap affected versions not specified Description On Windows operating systems, a buffer overflow can occur when libpcap converts a Windows error message to UTF-8 if the message contains characters requiring 4 bytes in UTF-8 representation...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in ZIP archives. An attacker can exploit this vulnerability by convincing a user to open or extract a crafted ZIP file containing malicious symlinks to unintended directories,...
Mozilla Firefox < 53.0.2
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 53.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-14 advisory. - A use-after-free can occur during Buffer11 API calls within the ANGLE graphics library, used for WebGL content. This...
Mozilla Firefox ESR < 78.7.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.7.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-06 advisory. - In the Angle graphics library, depth pitch computations did not take into account the block size and simply...
Mozilla Firefox < 85.0.1
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 85.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-06 advisory. - In the Angle graphics library, depth pitch computations did not take into account the block size and simply multipli...
Mozilla Firefox < 67.0.2
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 67.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2019-16 advisory. - A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at ...
CVE-2025-62522 vite allows server.fs.deny bypass via backslash on Windows
Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended...
CVE-2025-11713
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...
CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command
Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...
EUVD-2017-14513
Malware in sbrugna...
EUVD-2019-3423
Malware in sbrugna...
EUVD-2023-29645
Malicious code in bioql PyPI...
EUVD-2023-54430
Malicious code in bioql PyPI...