47 matches found

OSV
added 2026/05/22 8:55 p.m. | 1 view

OSEC-2026-08 Path traversal vulnerability in ocaml-tar

A malicious archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file write outside of the desired extraction director...

8.2 CVSS | 6 AI score
Exploits: 0

F5 Networks
added 2026/04/21 8:21 p.m. | 5 views

K000160934: Multiple Go vulnerabilities

Security Advisory Description: CVE-2023-45285: Using go get to fetch a module with the ".git" suffix may unexpectedly fall back to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This onl...

8.6 CVSS | 6.5 AI score | 0.03204 EPSS
Exploits: 1

CNNVD
added 2026/04/14 12:0 a.m. | 3 views

Progress OpenEdge Security Vulnerability

Progress OpenEdge is an enterprise-level application development and database management platform provided by the American company Progress. There is a security vulnerability in Progress OpenEdge, which stems from improper authorization in the AdminServer component. This vulnerability could allow...

8.2 CVSS | 5.9 AI score | 0.00055 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/02 7:2 p.m. | 4 views

CVE-2025-48636

The CVE-2025-48636 entry concerns a path traversal vulnerability in openFile of BugreportContentProvider.java that could allow reading and writing unauthorized files, enabling local privilege escalation without extra execution privileges or user interaction. The issue affects the described openFi...

8.4 CVSS | 6.1 AI score | 0.0001 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/02 7:2 p.m. | 15 views

CVE-2025-48636

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.0001 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-17437

Malicious code in bioql PyPI...

5.3 CVSS | 4.8 AI score | 0.00276 EPSS
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-18139

Malicious code in bioql PyPI...

5.5 CVSS | 6.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 5

IBM Security Bulletins
added 2025/09/16 9:57 a.m. | 9 views

Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image

Summary: Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.302. Vulnerability Details: CVEID: CVE-2025-0913 DESCRIPTION: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a...

9.8 CVSS | 6.7 AI score | 0.01617 EPSS
Exploits: 4 | Affected Software: 1

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-0913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with...

5.5 CVSS | 7.2 AI score | 0.0004 EPSS
Exploits: 0 | References: 2

OSV
added 2025/06/14 5:46 a.m. | 5 views

BIT-GOLANG-2025-0913 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2025/06/13 6:15 p.m. | 2 views

CVE-2025-0913

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5 CVSS | 5.5 AI score | 0.0004 EPSS
Exploits: 0 | References: 1

NVD
added 2025/06/11 6:15 p.m. | 8 views

CVE-2025-0913

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5 CVSS | 0.0004 EPSS
Exploits: 0 | References: 4

Cvelist
added 2025/06/11 5:17 p.m. | 9 views

CVE-2025-0913 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

0.0004 EPSS
Exploits: 0 | References: 4

Debian CVE
added 2025/06/11 5:17 p.m. | 10 views

CVE-2025-0913

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5 CVSS | 7.3 AI score | 0.0004 EPSS
Exploits: 0

Vulnrichment
added 2025/06/11 5:17 p.m. | 7 views

CVE-2025-0913 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

7 AI score | 0.0004 EPSS
Exploits: 0 | References: 4

AlpineLinux
added 2025/06/11 5:17 p.m. | 8 views

CVE-2025-0913

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5 CVSS | 7.2 AI score | 0.0004 EPSS
Exploits: 0

Snyk
added 2025/06/11 4:59 p.m. | 3 views

Symlink Attack

Overview: std/os is a Go standard library package std/os. Affected versions of this package are vulnerable to Symlink Attack. Go Vulnerability Report: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems,...

6.8 CVSS | 6.9 AI score | 0.0004 EPSS
Exploits: 0 | References: 3

Mageia
added 2025/06/09 6:14 p.m. | 15 views

Updated golang packages fix security vulnerabilities

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects, potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows. os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when th...

7.5 CVSS | 6.7 AI score | 0.00076 EPSS
Exploits: 0 | References: 2

OSV
added 2025/03/11 3:15 p.m. | 1 view

CVE-2024-51320

Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdmfsavehtmltmp, /servlet/gsdmbtlkopenfile components...

5.4 CVSS | 5.9 AI score | 0.00366 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/03/11 12:0 a.m. | 1 view

Zucchetti Ad Hoc Infinity Cross-Site Scripting Vulnerability

Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A cross-site scripting vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4, which originates from cross-site scripting in the /servlet/gsdmfsavehtmltmp and /servlet/gsdmbtlkopenfile components and could lead to remote code...

5.4 CVSS | 7.2 AI score | 0.00366 EPSS
Exploits: 1 | References: 2