32 matches found

CNNVD
added 2026/05/26 12:0 a.m. | 4 views

vLLM security vulnerability

vLLM is an open-source solution designed for LLM-based models, featuring high throughput and efficient memory usage for inference and serving. vLLM version 0.19.0 contains a security vulnerability. This vulnerability stems from unknown handling operations in the OpenAI-compatible Serving Path...

CVSS 6.9 | AI score 6 | EPSS 0.00075
Exploits: 0 | References: 7

Vulnrichment
added 2026/04/22 4:8 p.m. | 1 views

CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

CVSS 6.3 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 2

Cvelist
added 2026/04/22 4:8 p.m. | 22 views

CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

CVSS 6.3 | EPSS 0.00014
Exploits: 0 | References: 2

OSV
added 2025/12/30 6:15 p.m. | 1 views

CVE-2025-65411

A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the searchpath parameter...

CVSS 7.5 | AI score 5.8 | EPSS 0.00042
Exploits: 2 | References: 5

CNNVD
added 2025/12/30 12:0 a.m. | 1 views

GNU Unrtf security vulnerability

GNU Unrtf is a document format conversion tool from the US GNU community. A security vulnerability exists in GNU Unrtf that stems from a null pointer dereference in the src/path.c component, which could lead to a denial of service attack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00042
Exploits: 2 | References: 5

Debian CVE
added 2025/12/30 12:0 a.m. | 3 views

CVE-2025-65411

A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the searchpath parameter...

CVSS 7.5 | AI score 5.2 | EPSS 0.00042
Exploits: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-16796

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 8.4 | EPSS 0.00306
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/24 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-7418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks...

CVSS 5.5 | AI score 6 | EPSS 0.00039
Exploits: 0 | References: 2

CNNVD
added 2025/03/22 12:0 a.m. | 1 views

D-Link DAP-1620 security vulnerability

The D-Link DAP-1620 is a wireless repeater extender from D-Link. The D-Link DAP-1620 suffers from a buffer overflow vulnerability that stems from the Path component's setwsaction function failing to properly validate the length of the input data, which could be exploited by an attacker to execute...

CVSS 10 | AI score 8.1 | EPSS 0.00359
Exploits: 1 | References: 6

Positive Technologies
added 2025/01/01 12:0 a.m. | 1 views

PT-2025-54207

Name of the Vulnerable Software and Affected Versions: GNU Unrtf versions 0.21.10. Description: A flaw exists in the src/path.c component of GNU Unrtf that can lead to a Denial of Service (DoS). The issue is due to a NULL pointer dereference triggered by a crafted payload injected into the search path...

CVSS 7.5 | AI score 6.3 | EPSS 0.00042
Exploits: 2 | References: 11

Oracle Linux
added 2024/11/05 12:0 a.m. | 281 views

haproxy security update

1.8.27-5.1 - Reject '' as part of URI path component CVE-2023-45539, RHEL-18168...

CVSS 8.2 | AI score 6.9 | EPSS 0.00027
Exploits: 0

CNNVD
added 2024/02/28 12:0 a.m. | 1 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a memory leak in rxd...

CVSS 5.5 | AI score 6.5 | EPSS 0.00018
Exploits: 0 | References: 6

OSV
added 2024/01/30 4:15 p.m. | 4 views

DEBIAN-CVE-2024-1019

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string...

CVSS 8.6 | AI score 7.8 | EPSS 0.00306
Exploits: 0 | References: 1

Broadcom
added 2023/08/01 12:0 a.m. | 67 views

Apache httpd URL normalization inconsistency

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing wi...

CVSS 5.3 | AI score 6.1 | EPSS 0.23866
Exploits: 0 | Affected Software: 1

CNNVD
added 2022/11/25 12:0 a.m. | 1 views

Book Store Management System cross-site scripting vulnerability

Book Store Management System is an online bookstore system by Carlo Montero, an individual developer. A security vulnerability exists in Book Store Management System v1.0, which originates in the booktitle parameter of its /bsmsci/index.php/book component, allowing an attacker to execute arbitrar...

CVSS 6.1 | AI score 6.6 | EPSS 0.00247
Exploits: 0 | References: 2

OSV
added 2022/11/01 2:15 p.m. | 0 views

CVE-2022-43222

open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2021/08/27 12:0 a.m. | 1 views

object-path security vulnerability

object-path is a personal developer's Npm library for accessing variables in data structures via paths. object-path versions prior to 0.11.6 have a security vulnerability that results from a type obfuscation vulnerability when the path component used in the path parameter is an array. No details ...

CVSS 8.6 | AI score 7.8 | EPSS 0.0039
Exploits: 1 | References: 11

RedHat Linux
added 2019/11/06 9:47 a.m. | 3 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVSS 6.1 | AI score 6.7 | EPSS 0.0991
Exploits: 2 | References: 4

Tenable Nessus
added 2019/09/30 12:0 a.m. | 34 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...

CVSS 5.3 | AI score 6.2 | EPSS 0.23866
Exploits: 0 | References: 2

OSV
added 2019/06/11 9:29 p.m. | 21 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing wi...

CVSS 5.3 | AI score 6.7
Exploits: 0 | References: 40