PT-2026-49066

Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes is only a path separator on Windows. A file whose name contains Windows-style traversal ......evil.txt is accepted by the resource handlers,...

📄 WordPress Gravity Forms 2.10.0.1 File Deletion / Path Traversal

This Metasploit module exploits a vulnerability in the Gravity Forms WordPress plugin versions 2.10.0.1 and below where file URLs stored in form entries are not properly validated. An attacker can inject a crafted entry containing path traversal sequences ../ to reference files outside the intend...

MINI-GC33-F7G4-5VQJ

Bulletin has no description...

MINI-353W-MX93-WXHJ

Bulletin has no description...

MINI-PCCH-6RR4-7CVR

Bulletin has no description...

MINI-C6WP-FMQX-CJQ3

Bulletin has no description...

CGA-WWH4-9H2X-3GPJ

Bulletin has no description...

CGA-J5XP-9RPP-GM2V

Bulletin has no description...

CGA-6G7W-GC3J-V4X3

Bulletin has no description...

DEBIAN-CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

CVE-2026-11816 Path Traversal in keras-team/keras

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

MINI-HC9X-55F2-F467

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2026-49762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a deni...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in icns.js. An ICNS file with an icon entry whose declared length is zero can hang the parser indefinitely. Remediation There is no fixed version for image-size. References - GitHub PR - Vulnerability Report - Vulnerable C...

MINI-4RCF-R4V7-GPGC

Bulletin has no description...

MINI-PM4X-5449-7V75

Bulletin has no description...

MINI-P9FQ-345W-6HXC

Bulletin has no description...

MINI-M324-8XC7-CHX3

Bulletin has no description...

CVE-2025-71330 image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...