CVE-2022-46171
Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards *, ?, and [...] match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As...
CVE-2025-31486 Vite allows server.fs.deny to be bypassed with .svg or relative paths
Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with a sec-fetch-dest: script header, the server.fs.deny restriction could be bypassed. This bypass is only possible if the file is smaller than...
CVE-2024-43399
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...
PT-2023-32906 · Unknown · Gopeak Masterlab
Name of the Vulnerable Software and Affected Versions: gopeak MasterLab versions up to 3.3.10. Description: A critical vulnerability was found in the HTTP POST Request Handler component of gopeak MasterLab. This issue affects the sqlInject function in the file app/ctrl/Framework.php. The...
BossCMS V1.1 Arbitrary File Download Vulnerability in Background
BossCMS is a safe, stable, permanently free, open-source, independently developed enterprise building system based on a PHP framework. BossCMS has an arbitrary file download vulnerability in its background; attackers can use the vulnerability to download any file on the server...
Design/Logic Flaw
An Uncontrolled Search Path Vulnerability is applicable to the following: Dell Update Package DUP Framework file versions prior to 19.1.0.413, and Framework file versions prior to 103.4.6.69 used in Dell EMC Servers. Dell Update Package DUP Framework file versions prior to 3.8.3.67 used in Dell...