242 matches found
EUVD-2025-200250
A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been...
CVE-2025-13876 Rareprob HD Video Player All Formats App com.rocks.music.videoplayer path traversal
A security vulnerability has been detected in Rareprob HD Video Player All Formats App 12.1.372 on Android. Impacted is an unknown function of the component com.rocks.music.videoplayer. The manipulation leads to path traversal. The attack needs to be performed locally. The exploit has been...
CVE-2025-13437 Arbitrary node_modules Directory Deletion in Google zx
When zx is invoked with --prefer-local=, the CLI creates a symlink named ./nodemodules pointing to /nodemodules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...
Use of Incorrectly-Resolved Name or Reference
Overview zx is an A tool for writing better scripts Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the linkNodeModules function. An attacker can cause deletion of arbitrary directories by supplying a crafted path to the --prefer-local...
A deep dive into MUTZ
AtDEF CON 33, we shared our research into MapUrlToZone, a critical Windows security component that determines whether a given path is local, on the intranet, or on the broader Internet. This classification drives several security decisions across Windows, for example, preventing a CreateFile call...
EUVD-2017-16822
Malware in sbrugna...
EUVD-2021-24212
Malware in sbrugna...
EUVD-2024-1469
Malicious code in bioql PyPI...
EUVD-2025-21020
Malicious code in bioql PyPI...
EUVD-2025-6197
Malicious code in bioql PyPI...
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
...
CVE-2025-35112 Agiloft XML external entity local path traversal
Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31...
Linux Distros Unpatched Vulnerability : CVE-2023-28160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive...
CVE-2025-47813
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie...
TencentOS Server 3: container-tools:rhel8 (TSSA-2024:0781)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0781 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-33004
CVE-2025-33004 affects IBM Planning Analytics Local (2.0 and 2.1). The vulnerability is a path traversal flaw caused by improper pathname restriction that could let a privileged user delete files from directories. Connected sources confirm affected versions 2.0–2.1 and cite the impact as file del...
GHSA-55G9-6C2X-GF8Q HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability
A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...
CVE-2021-37731
A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address...
Azure Linux 3.0 Security Update: kubernetes / local-path-provisioner (CVE-2020-8565)
The version of kubernetes / local-path-provisioner installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-8565 advisory. - In Kubernetes, if the logging level is set to at least 9, authorization and bear...
CVE-2020-8565 affecting package local-path-provisioner for versions less than 0.0.24-5
CVE-2020-8565 affecting package local-path-provisioner for versions less than 0.0.24-5. A patched version of the package is available...