11 matches found
GHSA-3363-2PH6-35WH Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...
CVE-2026-27467 BigBlueButton: Audio from participants to the server initially unmuted
BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...
CVE-2026-24936
When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991151)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991151 advisory. In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 mac80211: mesh: Free ...
UBUNTU-CVE-2025-66221
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...
Virtuozzo Hybrid Infrastructure 7.1 Hotfix 1 (7.1.0-187)
This update provides important security fixes. Vulnerability id: VSTOR-89294 A fix for volume attachment. Vulnerability id: VSTOR-107377 Failed to move domains to a mount point during an update. Vulnerability id: VSTOR-111693 A stability fix for QEMU. Vulnerability id: VSTOR-115326 Failed to set...
EUVD-2005-4729
Malware in sbrugna...
CVE-2023-52971
MariaDB Server 10.10 through 10.11. and 11.0 through 11.4. crashes in JOIN::fixallsplittingsinplan...
OESA-2025-1091 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
SUSE CVE-2012-0049
OpenTTD before 1.1.5 contains a Denial of Service slow read attack that prevents users from joining the server...
mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
A flaw was found in MariaDB. An issue in the component, Usedtablesandconstcache::usedtablesandconstcachejoin, of the MariaDB Server v10.7 allows attackers to cause a denial of service DoS via specially crafted SQL statements, impacting availability...