40 matches found
CVE-2026-54231
CVE-2026-54231 affects ABRT’s post-create event handler scripts in libreport. The event script reads journal entries for the crashed process and writes results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal...
CVE-2026-48126
Algernon, a small self-contained pure-Go web server, is vulnerable prior to version 1.17.8 when started with --domain (or --letsencrypt). The request handler resolves the served directory by joining the configured --dir with the client-supplied Host header using filepath.Join without validation, ...
CVE-2026-7316 eiliyaabedini aider-mcp code_with_ai aider_mcp.py command injection
A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...
CVE-2021-47960
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...
EUVD-2005-3992
Malware in sbrugna...
CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427
The Cloudflare Vite plugin is vulnerable when used in its default configuration, exposing all files on the local dev server (including root files like .env and .dev.vars) via the Workers runtime integration. Affected: Cloudflare Vite plugin within the Cloudflare Workers SDK. Root cause: default d...
A vulnerability in IBM Security Directory Integrator, a software tool for synchronizing identity data, and IBM Security Verify Directory Integrator, an integration tool, allows protected information to be disclosed by reading directory files.
The vulnerability in the IBM Security Directory Integrator and IBM Security Verify Directory Integrator software allows information to be disclosed by reading directory files. Exploiting this vulnerability allows a malicious actor to disclose protected information...
A vulnerability in the PowerScale OneFS operating system, related to the disclosure of information through reading directory files, allows an attacker to disclose protected information.
The vulnerability in the PowerScale OneFS operating system is related to the disclosure of information through the reading of directory files. Exploiting this vulnerability can allow an attacker to disclose protected information...
A vulnerability in the IBM Control Center process monitoring and control system, related to the disclosure of information through the reading of directory files, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the IBM Control Center process monitoring and control system is that it exposes information through the reading of files in the directory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...
xfsdump bug fix and enhancement update
An update is available for xfsdump. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The xfsdump package contains xfsdump, xfsrestore, and other utilities for...
A vulnerability in the opj2_decompress program of the OpenJPEG library allows an attacker to cause a service failure.
The vulnerability in the opj2_decompress program of the OpenJPEG image encoding and decoding library is related to improper handling of directories containing a large number of files. Exploiting this vulnerability allows an attacker to cause service interruptions...
SUSE CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename...
APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the...
UBUNTU-CVE-2021-29338
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files...
PT-2021-7386 · Openjpeg +11
Name of the Vulnerable Software and Affected Versions: OpenJPEG version 2.4.0 Description: The issue is related to an integer overflow in OpenJPEG, which can be triggered by a remote attacker using the command line option "-ImgDir" on a directory containing a large number of files, specifically...
CVE-2021-26067
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory on disk and whether certain files exist in the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions...
Arbitrary File Read Vulnerability in MTS Transcoding Server of Suzhou Kedar Technology Co., Ltd.
Suzhou Kedar Technology Co., Ltd. is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and video application solutions to help various government and enterprise customers to solve visual communication and management challenges. An arbitrary file read vulnerability...
CVE-2019-14744
A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...