Lucene search
+L

487 matches found

Snyk
Snyk
added 2026/05/06 9:45 p.m.14 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the gettemplate function on Windows systems due to improper normalization of backslash characters in URIs. An attacker can access and read files outside the intended template directory by supplying specially craft...

8.7CVSS6.3AI score0.00609EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/06 9:45 p.m.17 views

Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...

8.7CVSS5.8AI score0.00609EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-38303

Name of the Vulnerable Software and Affected Versions Mako affected versions not specified Description On Windows, a path traversal issue exists where URIs using backslash traversal e.g., ....secret.txt can bypass directory traversal checks in Template. init and normalization in TemplateLookup.ge...

9.8CVSS5.8AI score0.00609EPSS
Exploits1References282
OSV
OSV
added 2026/04/30 10:41 a.m.9 views

CLSA-2026-1777545655 vim: Fix of 10 CVEs

CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...

7.8CVSS6.8AI score0.01864EPSS
Exploits10References1
OSV
OSV
added 2026/04/30 9:18 a.m.9 views

CLSA-2026-1777540724 cups: Fix of CVE-2023-4504

CVE-2023-4504: fix heap-based buffer overflow in cups raster-interpret PPD PostScript scanner; scanps in filter/interpret.c now returns NULL on a lone trailing backslash escape sequence rather than reading past the buffer terminator...

7CVSS6AI score0.00663EPSS
Exploits2References1
CVE
CVE
added 2026/04/22 4:9 p.m.12 views

CVE-2026-35377

The CVE-2026-35377 entry affects the uutils coreutils env utility. A logic error in handling the -S (split-string) mode causes incorrect parsing of command-line arguments; specifically, in contrast to GNU env, the implementation attempts to validate backslash sequences inside single quotes and fa...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:9 p.m.5 views

CVE-2026-35377

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:9 p.m.4 views

CVE-2026-35377 uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 4:9 p.m.37 views

CVE-2026-35377 uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

3.3CVSS0.00102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34513

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of and '. However, the uutils implementation incorrectl...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/04/21 9:26 a.m.9 views

Security update 5.1.3 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing bsc1259554 Added x8664v2 as a possible rpm package architecture Make users with backslash working for salt-ssh...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References12
SUSE Linux
SUSE Linux
added 2026/04/21 9:25 a.m.11 views

Security update 5.1.3 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Backport security patch for Salt vendored tornado bsc1259554: CVE-2026-31958: Add limits on multipart form data parsing Add x8664v2 as a possible rpm package architecture Make users with backslash working for salt-ssh bsc1254629 Fix...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/04/16 11:0 p.m.8 views

Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Summary Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward slashes / for special schemes, a payload such as /\evil.com/path slips through isrelativeurl, is emitted unchanged in t...

5.1CVSS5.6AI score0.00339EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/16 11:0 p.m.13 views

GHSA-F3G8-9XV5-77GV Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)

Summary Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward slashes / for special schemes, a payload such as /\evil.com/path slips through isrelativeurl, is emitted unchanged in t...

5.1CVSS5.6AI score0.00339EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/16 10:36 p.m.10 views

Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/16 10:36 p.m.6 views

GHSA-45Q2-GJVG-7973 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.14 views

PT-2026-37184

Name of the Vulnerable Software and Affected Versions Saltcorn versions prior to 1.4.6 Saltcorn versions prior to 1.5.6 Saltcorn versions prior to 1.6.0-beta.5 Description Saltcorn fails to properly validate the dest parameter during the post-login process. The is relative url function only block...

5.1CVSS5.8AI score0.00339EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.25 views

Notepad++ <= 8.9.3 Stack-based Buffer Overflow (CVE-2026-5525)

The version of Notepad++ installed on the remote host is 8.9.3 or earlier. It is, therefore, affected by a stack-based buffer overflow vulnerability: - A stack-based buffer overflow exists in the file drop handler component WMDROPFILES. When a user drags and drops a directory path of exactly 259...

7.8CVSS6.3AI score0.00166EPSS
Exploits1References4
OSV
OSV
added 2026/04/10 8:16 a.m.2 views

CVE-2026-5525

A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...

7.8CVSS6.3AI score
Exploits0References3
CVE
CVE
added 2026/04/10 7:40 a.m.162 views

CVE-2026-5525

CVE-2026-5525 affects Notepad++ up to version 8.9.3. The issue is a stack-based buffer overflow in the file drop handler (WM_DROPFILES) when dropping a directory path of exactly 259 characters without a trailing backslash. The handler appends a backslash and a null terminator without proper bound...

7.8CVSS6.2AI score0.00166EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder