Path Traversal

Hugo is vulnerable to Path Traversal. The vulnerability is due to unrestricted execution of Node-based asset pipeline tools such as PostCSS, Babel, and TailwindCSS during site builds, allowing code from untrusted sites to read or write files outside the project's working directory when processed ...

Directory Traversal

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic function. An attacker can access arbitrary files outside the intended static directory by sending crafted HTTP requests...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

EsafeNet CDG 安全漏洞

EsafeNet CDG is a document security management system from EsafeNet, China. A security vulnerability exists in EsafeNet CDG version 5. An attacker can exploit the vulnerability to access files and directories stored outside the web root folder...