Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NNCP vulnerability (USN-8359-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8359-1 advisory. It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote...

USN-8359-1: NNCP vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

CVE-2026-41144

CVE-2026-41144 affects F Prime prior to 4.2.0. The vulnerability arises from an integer overflow in a bounds check: adding byteOffset and dataSize uses 32-bit unsigned addition that can wrap around. With a crafted DataPacket (e.g., byteOffset=0xFFFFFF9C, dataSize=100), the check is bypassed and a...

CVE-2026-41144 F´ (F Prime) has Integer Overflow in FileUplink

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

openSUSE Security Advisory (SUSE-SU-2026:0424-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-GF2C-JWCJ-X929 vlt Mishandles Path Sanitization for tar

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction...

EUVD-2025-26231

Malicious code in bioql PyPI...

OPENSUSE-SU-2022:0715-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...

PT-2021-5756 · Npm +7 · Node-Tar +7

Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 3.3.2, 4.4.14, 5.0.6, and 6.1.1 Description: The issue is related to the node-tar module for handling tar archives in Node.js, which has a problem with incorrect filtering of the '/' character sequence. This could...

redhat-certification: rhcertStore.py: __saveResultsFile allows to write any file

It has been discovered that redhat-certification does not properly sanitize paths in rhcertStore.py:saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution...

DEBIAN-CVE-2004-0426

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path...