5 matches found
CVE-2026-5027
The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences '../'...
EUVD-2025-203936
Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
USN-7583-1: Python vulnerabilities
It was discovered that Python incorrectly handled tar archive extraction with the filtering option. An attacker could possibly use this issue to modify files in arbitrary filesystem locations and cause data loss...
Ubuntu: Security Advisory (USN-5204-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-5204-1: Django vulnerabilities
Chris Bailey discovered that Django incorrectly handled evaluating submitted passwords. A remote attacker could possibly use this issue to consume resources, resulting in a denial of service. (CVE-2021-45115) Dennis Brinkrolf discovered that Django incorrectly handled the dictsort template filter. ...