6 matches found
uutils coreutils has a Link Following Issue Via rm Utility
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
MAL-2025-8608 Malicious code in @malware-test-drail-reran-otter-theek/test-mlw3-drail-reran-otter-theek (npm)
The package @malware-test-drail-reran-otter-theek/test-mlw3-drail-reran-otter-theek was found to contain malicious code...
CVE-2019-17137
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings...
Mozilla Thunderbird Path String Vulnerability
Mozilla Thunderbird is a standalone e-mail client developed by the US-based Mozilla Foundation out of the Mozilla Application Suite, with support for the IMAP and POP mail protocols and the HTML mail format. A path string vulnerability exists in Mozilla Thunderbird versions prior to 52.5.2. An...
openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:3434-1)
The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Cross-site Scripting (XSS)
github.com/koding/koding is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the path string is not properly encoded to handle cross-site scripting...