CVE-2026-41211 `vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME`
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager` accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply `../` segments or an absolute path to escape the VP_HOME/packagemanager// cache root and...
EUVD-2018-0279
Malware in sbrugna...
CVE-2017-16132
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2017-16132
CVE-2017-16132 concerns simple-npm-registry, a local npm package cache. Multiple connected sources confirm a directory traversal vulnerability in simple-npm-registry: an attacker can craft a URL containing relative path sequences (e.g., ../../) to access files outside the intended directory root....
apt-cacher and apt-cacher-ng HTTP Response Splitting Vulnerability
apt-cacher is a set of software used to cache Debian packages. apt-cacher-ng is an HTTP protocol proxy for Linux systems. An HTTP response splitting vulnerability exists in versions of apt-cacher before 1.7.15 and apt-cacher-ng before 3.4. An attacker can exploit this vulnerability to inject HTTP...