108 matches found
CVE-2026-53571
Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...
CVE-2026-53571
Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...
Directory Traversal
Overview vite-plus is a The Unified Toolchain for the Web Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...
Directory Traversal
Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...
vite: `server.fs.deny` bypass on Windows alternate paths
Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...
GHSA-FX2H-PF6J-XCFF vite: `server.fs.deny` bypass on Windows alternate paths
Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu aka Gamaredon and SHADOW-EARTH-066 aka...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the validatepathelementntfs function. An attacker can write arbitrary files and potentially execute code in the victim's user context by crafting malicious Git repositories with NTFS-hostile tree entries that are...
Unity Linux 20.1060e / 20.1070e Security Update: libgit2 (UTSA-2026-017582)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017582 advisory. An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. Th...
Astra Linux – Vulnerability in libgit2
A issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. path.c improperly handles equivalent filenames that exist due to NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...
EulerOS Virtualization 2.12.0 : samba (EulerOS-SA-2026-1518)
According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in Samba, in the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 CVE-2025-8088 — Educational proof-of-concept for...
Exploit for Path Traversal in Rarlab Winrar
CVE-2025-8088 Explotación WinRAR Herramienta avanzada de...
Exploit for Path Traversal in Rarlab Winrar
☠️ CVE-2025-8088 WinRAR Exploit Tool ☠️ SYSTEM ACCESS:...
Samba Information Disclosure (CVE-2025-9640)
In the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability. Note that Nessus has not tested for...
Exploit for Path Traversal in Rarlab Winrar
🧩 CVE-2025-8088 — WinRAR Zero-Day Vulnerability Type: Pat...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba, specifically in the vfsstreamsxattr module. In this module, uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content, which may include sensitive data, resulting in an information...
Medium: samba
Issue Overview: A flaw was found in Samba, in the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure...
JLSEC-2025-182 An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...
CVE-2025-9640
A flaw was found in Samba, in the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability...