4 matches found
Algernon security vulnerability
Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained a security vulnerability. This vulnerability stemmed from the process of traversing parent directories upwards during directory requests to find the handler.lua file. This could allow...
GHSA-XWCR-WM99-G9JC Algernon: handler.lua discovery walks parent directories above the server root
Summary: When Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancest...
PT-2026-41969
Name of the Vulnerable Software and Affected Versions: Algernon version 1.17.6. Description: An issue exists where the software performs an unbounded upward search for a file named handler.lua when a request is made for a URL path that resolves to a directory without an index file. This search can...
Bitdefender BOX 2 bootstrap update_setup command execution vulnerability
Summary: An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution o...