127 matches found
CVE-2026-33947
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...
Linux Distros Unpatched Vulnerability : CVE-2019-25683
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying ...
EUVD-2019-20101
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...
CVE-2019-25683
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...
UBUNTU-CVE-2019-25683
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...
CVE-2019-25683
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...
CVE-2019-25683 FileZilla 3.40.0 Denial of Service via Local Search
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...
CVE-2019-25683 FileZilla 3.40.0 Denial of Service via Local Search
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...
PT-2026-30491
FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attackers to crash the application by supplying a malformed path string. Attackers can trigger the crash by entering a crafted path containing 384 'A' characters followed by 'BBBB' and...
PYSEC-2026-2287
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...
PT-2026-29851
A newly disclosed stack buffer overflow CVE-2026-34124 affects specific TP-Link devices within their HTTP server, potentially leading to Denial of Service DoS. The vulnerability is triggered by malformed HTTP GET requests, with the original summary also indicating a similar POST body overflow...
📄 Vite 6.2.2 Arbitrary File Read
Proof of concept exploit for an arbitrary file read in Vite version 6.2.2. ============================================================================================================================================= | Title : Vite 6.2.2 Arbitrary File Read – PHP Exploit | | Author : indoushka | ...
Vert.x Web static handler component cache can be manipulated to deny the access to static files
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...
Croogo 安全漏洞
Croogo is Croogo open source a set of CakePHP framework based on the development of content management system CMS. The system provides content type can be customized as Blog, Node, Page, content editing using WYSIWYG editor and other features. Croogo 4.0.7 version of a security vulnerability , th...
CVE-2025-65233
Reflected cross-site scripting XSS in SLiMS slims9bulian before 9.6.0 via improper handling of $SERVER'PHPSELF' in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path...
CVE-2025-67718 Formio improperly authorized permission elevation through specially crafted request path
Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request path. An unauthenticated or unauthorized...
CVE-2020-36881
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...
EUVD-2020-30823
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...
CVE-2020-36881 Flexsense DiskBoss 'Add Input Directory' Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field...