4 matches found
Exploit for Use of Incorrectly-Resolved Name or Reference in Apache Tomcat
CVE-2025-24813 - Apache Tomcat Partial PUT + Deserialization R...
Magento SessionReaper
This module exploits CVE-2025-54236 SessionReaper, a critical vulnerability in Magento/Adobe Commerce that allows unauthenticated remote code execution. The vulnerability stems from improper handling of nested deserialization in the payment method context, combined with an unauthenticated file...
GLSA-200801-11 : CherryPy: Directory traversal vulnerability
The remote host is affected by the vulnerability described in GLSA-200801-11 (CherryPy: Directory traversal vulnerability). CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession.getfilepath function before using it as part of the file name. Impact: A remote...
CherryPy: Directory traversal vulnerability
Background: CherryPy is a Python-based, object-oriented web development framework. Description: CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession.getfilepath function before using it as part of the file name. Impact: A remote attacker could exploit this...