Ruby Rack < 2.2.22 / 3.0.0.beta1 < 3.1.20 / 3.2.0 < 3.2.5 Multiple Vulnerabilities

The version of the Rack Ruby library installed on the remote host is prior to 2.2.22, 3.x prior to 3.1.20, or 3.2.x prior to 3.2.5. It is, therefore, affected by multiple vulnerabilities: - Rack::Directory’s path check used a string prefix match on the expanded path. A request like...

CVE-2026-25500 Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename starts with the javascript: scheme e.g. javascript:alert1, the...

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

Siemens SIMATIC Devices Stack-based Buffer Overflow (CVE-2023-4273)

This vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stac...

EUVD-2022-2146

Malicious code in bioql PyPI...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unvalidated rparent leading to a contention condition that could cause a state change to be applied to th...

Vegagrup Software Vega Master 安全漏洞

Vegagrup Software Vega Master is a web-based reporting system from Vegagrup Software, Turkey. A security vulnerability exists in Vegagrup Software Vega Master versions v.1.12.35 through 20250916, which stems from a directory index that exposes sensitive system information...

CVE-2023-52569 btrfs: remove BUG() after failure to insert delayed dir index item

In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG after failure to insert delayed dir index item Instead of calling BUG when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquire...

DEBIAN-CVE-2023-4273

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file...

CVE-2023-4273

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file...

CVE-2023-4273

CVE-2023-4273 affects the Linux kernel exFAT driver. The vulnerability arises from how file name reconstruction copies file name data into a stack variable, enabling a local privileged attacker to overflow the kernel stack. Connected advisories confirm real-world impact and list affected kernels;...

CVE-2023-27583

CVE-2023-27583 affects PanIndex prior to version 3.1.3, where a hard-coded JWT signing key named “PanIndex” enables an attacker to forge tokens and perform admin actions. The issue is mitigated by upgrading to 3.1.3, which ships a patch. As a temporary workaround, the source code can be modified ...

CentOS 7 : thunderbird (RHSA-2022:5773)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:5773 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.12.0. Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 CVE-2022-2505 Mozilla: Directory indexes for bundled resources reflected URL parameters CVE-2022-36318...

GHSA-393X-FR59-R8FG statics-server Cross-site Scripting vulnerability

An XSS in statics-server element without escaping, which allows to embed HTML tag with src attribute points to another HTML file in the directory. This file can contain malicious JavaScript code, which will be executed: js // ./nodemodules/statics-server/index.js, line 18:...

statics-server Cross-site Scripting vulnerability

An XSS in statics-server element without escaping, which allows to embed HTML tag with src attribute points to another HTML file in the directory. This file can contain malicious JavaScript code, which will be executed: js // ./nodemodules/statics-server/index.js, line 18:...

Cisco Adaptive Security Appliance - Path Traversal Exploit

Exploit for hardware platform in category web applications require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an...

Node.js third-party modules: [public] Path traversal using symlink

I would like to report Path traversal vulnerability in public module Module module name: public version: 0.1.4 npm page: https://www.npmjs.com/package/public Module Description Run static file hosting server with specified public dir & port. Support a "direcotry index" like Apache httpd. Module...

Mozilla Firefox 64 Information Disclosure Exploit

Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker. Product: Firefox Manufacturer: Mozilla Affected Versions: = 64 Teste...