Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service DOS vulnerability, for example, an abort due to WINPRASSERT with default compilation flags. When an...

CVE-2026-35471 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3...

CVE-2026-35471

goshs (Go SimpleHTTPServer) contains a path-traversal vulnerability in tdeleteFile() where a missing return after the traversal check allowed deletion of files outside the webroot. This is fixed in version 2.0.0-beta.3; upgrading to 2.0.0-beta.3 or newer is recommended. OpenSUSE and Red Hat advis...

CVE-2026-35471

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3...

CVE-2026-35393

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory not sanitized. This vulnerability is fixed in 2.0.0-beta.3...

CVE-2026-35393 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs POST multipart upload

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory not sanitized. This vulnerability is fixed in 2.0.0-beta.3...

CVE-2026-35393

The connected advisory GHSA-JG56-WF8X-QRV5 describes a path traversal vulnerability in goshs (httpserver/updown.go) exploited via POST multipart uploads. The target path is derived from the unsanitized request URL path, while the uploaded file name is sanitized, enabling an attacker to craft a UR...

CVE-2026-35392 goshs has an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in goshs PUT Upload

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3...

EUVD-2026-19488

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitization. This vulnerability is fixed in 2.0.0-beta.3...

CVE-2025-9385

A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fixipv6checksums of the file editpacket.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used...

CVE-2025-48064 GitHub Desktop vulnerable to maliciously crafted file renames leading to information disclosure

GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to access a network...

CVE-2025-31122 scratch-coding-hut.github.io Login Links Generation vulnerability

scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field...

SUSE CVE-2023-39350

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS e.g. abort due to WINPRASSERT with default compilation flags. When an insufficient blockLen is provided, and proper length...

SUSE CVE-2023-40575

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the generalYUV444ToRGB8uP3AC4RBGRX function. This issue is likely down to insufficient data for the pSrc variable and results in crashe...

PT-2023-4663 · Freerdp +8 · Freerdp +8

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.0 FreeRDP versions prior to 3.0.0-beta3 Description: The issue is related to an Out-Of-Bounds Write in the clear decompress bands data function due to a lack of offset validation. This can be exploited by a remo...

PT-2023-20443 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0.beta2 through 3.1.0.beta3 Description: Discourse is an open-source discussion platform. Editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. Recommendations...

PT-2022-16875 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.2 and prior in the stable branch Discourse versions 2.9.0.beta3 and prior in the beta branch Discourse versions 2.9.0.beta3 and prior in the tests-passed branch Description: Discourse is an open source discussion...