487 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the gettemplate function on Windows systems due to improper normalization of backslash characters in URIs. An attacker can access and read files outside the intended template directory by supplying specially craft...
Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...
PT-2026-38303
Name of the Vulnerable Software and Affected Versions Mako affected versions not specified Description On Windows, a path traversal issue exists where URIs using backslash traversal e.g., ....secret.txt can bypass directory traversal checks in Template. init and normalization in TemplateLookup.ge...
CLSA-2026-1777545655 vim: Fix of 10 CVEs
CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...
CLSA-2026-1777540724 cups: Fix of CVE-2023-4504
CVE-2023-4504: fix heap-based buffer overflow in cups raster-interpret PPD PostScript scanner; scanps in filter/interpret.c now returns NULL on a lone trailing backslash escape sequence rather than reading past the buffer terminator...
CVE-2026-35377
The CVE-2026-35377 entry affects the uutils coreutils env utility. A logic error in handling the -S (split-string) mode causes incorrect parsing of command-line arguments; specifically, in contrast to GNU env, the implementation attempts to validate backslash sequences inside single quotes and fa...
CVE-2026-35377
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...
CVE-2026-35377 uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...
CVE-2026-35377 uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...
PT-2026-34513
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of and '. However, the uutils implementation incorrectl...
Security update 5.1.3 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing bsc1259554 Added x8664v2 as a possible rpm package architecture Make users with backslash working for salt-ssh...
Security update 5.1.3 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Backport security patch for Salt vendored tornado bsc1259554: CVE-2026-31958: Add limits on multipart form data parsing Add x8664v2 as a possible rpm package architecture Make users with backslash working for salt-ssh bsc1254629 Fix...
Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)
Summary Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward slashes / for special schemes, a payload such as /\evil.com/path slips through isrelativeurl, is emitted unchanged in t...
GHSA-F3G8-9XV5-77GV Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)
Summary Saltcorn validates the post-login dest parameter with a string check that only blocks :/ and //. Because all WHATWG-compliant browsers normalise backslashes \ to forward slashes / for special schemes, a payload such as /\evil.com/path slips through isrelativeurl, is emitted unchanged in t...
Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...
GHSA-45Q2-GJVG-7973 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
Impact A Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering SSR. When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine Express, etc. passes the URL string to Angular’s...
PT-2026-37184
Name of the Vulnerable Software and Affected Versions Saltcorn versions prior to 1.4.6 Saltcorn versions prior to 1.5.6 Saltcorn versions prior to 1.6.0-beta.5 Description Saltcorn fails to properly validate the dest parameter during the post-login process. The is relative url function only block...
Notepad++ <= 8.9.3 Stack-based Buffer Overflow (CVE-2026-5525)
The version of Notepad++ installed on the remote host is 8.9.3 or earlier. It is, therefore, affected by a stack-based buffer overflow vulnerability: - A stack-based buffer overflow exists in the file drop handler component WMDROPFILES. When a user drags and drops a directory path of exactly 259...
CVE-2026-5525
A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds...
CVE-2026-5525
CVE-2026-5525 affects Notepad++ up to version 8.9.3. The issue is a stack-based buffer overflow in the file drop handler (WM_DROPFILES) when dropping a directory path of exactly 259 characters without a trailing backslash. The handler appends a backslash and a null terminator without proper bound...