
9 matches found

SUSE CVE
added 2026/06/12 2:27 a.m. | 6 views

SUSE CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch, into the merge driver command via the ...

CVSS 7 | AI score 5.7 | EPSS 0.00797
Exploits 0 | References 3

Snyk
added 2026/05/12 2:59 p.m. | 5 views

Command Injection

Overview: protobufjs-cli translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Command Injection via pbts. An attacker can execute arbitrary shell commands by supplying file paths containing shell...

CVSS 8.5 | AI score 6.1 | EPSS 0.00132
Exploits 0 | References 2

Tenable Nessus
added 2026/04/29 12:0 a.m. | 1 views

Ubuntu 24.04 LTS : wheel vulnerability (USN-8221-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8221-1 advisory. It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an...

CVSS 7.1 | AI score 7 | EPSS 0.00278
Exploits 2 | References 2

CNNVD
added 2026/04/22 12:0 a.m. | 3 views

Iperius Backup Buffer Error Vulnerability

Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Version 5.8.1 of Iperius Backup contains a buffer overflow vulnerability. This vulnerability stems from an issue with the structured exception handling mechanism, which can lead to a local buffer overflow. As a resul...

CVSS 8.6 | AI score 6.6 | EPSS 0.00205
Exploits 1 | References 1

Veracode
added 2025/12/13 8:1 a.m. | 6 views

Command Injection

pgAdmin 4 is vulnerable to command injection. The vulnerability is due to the use of shell=True during backup and restore operations on Windows systems, which allows an attacker to execute arbitrary system commands by supplying specially crafted file path input...

CVSS 8.8 | AI score 6.1 | EPSS 0.00737
Exploits 0 | References 3 | Affected Software 1

NVD
added 2025/11/13 1:15 p.m. | 3 views

CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

CVSS 8.8 | EPSS 0.00737
Exploits 0 | References 1

Snyk
added 2025/10/09 3:21 p.m. | 2 views

Directory Traversal

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Directory Traversal via the WriteFile and ReadFile tools. An attacker can gain full control over the server, including executing arbitrary commands, by supplying crafted file paths that allow writing files ...

CVSS 9.9 | AI score 7.6 | EPSS 0.11853
Exploits 1 | References 2

Vulnrichment
added 2025/06/21 12:9 a.m. | 6 views

CVE-2025-6218 RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...

CVSS 7.8 | AI score 8 | EPSS 0.81491
Exploits 8 | References 2

Veracode
added 2023/09/29 8:3 a.m. | 22 views

Arbitrary File Write

github.com/schollz/croc is vulnerable to Arbitrary File Write through crafted file paths. The vulnerability is due to the Croc protocol, which allows senders to specify an arbitrary path for a file transfer. If the recipient doesn't already have a file with the same name, an attacker can exploit...

CVSS 7.8 | AI score 6.9 | EPSS 0.00339
Exploits 1 | References 5 | Affected Software 2