7 matches found
EUVD-2022-1896
Malicious code in bioql PyPI...
PT-2025-40539
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.120 Description An issue existed where Claude Code did not properly handle symlinks when enforcing permission deny rules. Specifically, if a user blocked Claude Code’s access to a file, but Claude Code had...
CVE-2025-49538
CVE-2025-49538 affects Adobe ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier. It is an XML Injection vulnerability that can lead to arbitrary file system read (and DoS); exploitation uses crafted XML/XPath and requires access to shared secrets, with no user interaction. Adobe APSB25-69 a...
GHSA-X574-M823-4X7W Vite bypasses server.fs.deny when using ?raw??
Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or...
Symantec Altiris Deployment Solution Multiple Vulnerabilities
SUMMARY Symantecs Altiris Deployment Solution contains vulnerabilities that could potentially be leveraged for unauthorized file access or a denial of service on a client system, authentication bypass on the Server to local system-level access on a client system. AFFECTED PRODUCTS Product | Versi...
NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.
--== NERF gr0up security advisory 2 ==-- Multiple vulnerabilities in web-shop 1C: Arcadia, in module tradecli.dll 1. Show path scripts directory. Exploit: http://host/scripts/tradecli.dll?template=nonexistfile Will show error message, witch consist full path to work dir usually /scripts. Advice f...
Множественные дырки в WebJet
Обратный путь в директориях позволяет получить любой файл с сервера, кроме того можно организовать DoS-атаку...