Directory Traversal

Overview org.springframework.cloud:spring-cloud-config-server is a library that provides an HTTP resource-based API for external configuration. Affected versions of this package are vulnerable to Directory Traversal via the retrieve and binary methods in ResourceController. An attacker can read...

RHCOS : OpenShift Container Platform 4.8.25 (RHSA-2021:5208)

The remote Red Hat Enterprise Linux CoreOS host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5208 advisory. - haproxy: does not ensure that the scheme and path portions of a URI have the expected characters CVE-2021-39240 - haproxy: an HTTP...

PT-2026-38063

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

CVE-2026-40331

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...

GHSA-V8H7-RR48-VMMV Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection

Summary Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same...

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...

CVE-2026-22679

Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 - Copy Fail - Script de detection Script Pytho...

CVE-2026-5957

The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to and including 1.6.5. This is due to a flawed path traversal validation in the createtemplate method of the CheckForm class, where realpath is called on the allowed base directory...

openmrs-core 路径遍历漏洞

OpenMRS-core is an open-source electronic medical record system developed by OpenMRS. OpenMRS-core has a path traversal vulnerability. This vulnerability stems from the getFile method in ModuleResourcesServlet, which does not validate path boundaries. As a result, unauthorized attackers may be ab...

PT-2026-38895

Summary Submodule name validation bypass plus missing validation in production code paths allows path traversal via crafted .gitmodules. Combined with a trust inheritance flaw in Submodule::open, this enables reading arbitrary git repository configs including credentials from traversed paths with...

Jupyter Server 安全漏洞

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the Origin header validation mechanism, which uses...

CVE-2026-42076 Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

EUVD-2026-27009

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

PT-2026-36762

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...

Public Voting Records: A Record, or an Attack Surface?

This is a whitepaper discussing a formal methodology for auditing voter-file disclosure regimes against linkage attacks...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Block: Fixed the issue where queues could freeze during storage operations in sysfs. The queueattrstore function always freezes the device queue before performing the attribute storage operation. For attributes that control...

Astra Linux – Vulnerability in Golang-1.15

In Go, encoding/xml in versions before 1.15.9 and 1.16.x before 1.16.1 may lead to an infinite loop if a custom TokenReader used for xml.NewTokenDecoder returns EOF midway through an element. This issue can occur in the Decode, DecodeElement, or Skip methods...