42 matches found
PT-2026-23756
Name of the Vulnerable Software and Affected Versions: Flare versions prior to 1.7.2 Description: Flare, a Next.js-based file sharing platform, had a flaw where authenticated, non-owner users could access private files if they knew the file URL. This occurred because the raw and direct file routes...
CVE-2026-26993 Flare has XSS vulnerability in Raw File Preview
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG or other active content formats such as HTML...
EUVD-2016-1016
Malware in sbrugna...
EUVD-2013-5199
Malware in sbrugna...
EUVD-2024-0849
Malicious code in bioql PyPI...
GHSA-655H-HG88-5QMF Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety
The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd such as a UnixStream as the file...
libxml2: Out-of-Bounds Read in libxml2
A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...
RUSTSEC-2025-0051 `xcb::Connection::connect_to_fd*` functions violate I/O safety
The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd such as a UnixStream as the file...
`xcb::Connection::connect_to_fd*` functions violate I/O safety
The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd such as a UnixStream as the file...
PT-2025-34467 · Crates.Io · Xcb
The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd such as a UnixStream as the file...
[SECURITY] Fedora 40 Update: LibRaw-0.21.4-1.fc40
LibRaw is a library for reading RAW files obtained from digital photo cameras CRW/CR2, NEF, RAF, DNG, and others. LibRaw is based on the source codes of the dcraw utility, where part of drawbacks have already been eliminated and part will be fixed in future...
SUSE CVE-2024-27933
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node childproce...
PT-2024-16682 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.5.5 Description: A vulnerability was found in the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross-site scripting. It is possible to launch the attack remotely. T...
PT-2025-2863 · Debian · Debian
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves path traversal in the view issue raw file function. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
SUSE CVE-2014-9640
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
Confluence RCE CVE-2022-26134 Exploit Detection Pre-requ...
AZL-6444 CVE-2021-43618 affecting package gmp for versions less than 6.2.1-2
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...
XSpear v1.3 - Powerful XSS Scanning And Parameter Analysis Tool
XSpear is an XSS scanner on Ruby gems. Key features: pattern matching based XSS scanning; detect alert/confirm/prompt event on headless browser (with Selenium); testing request/response for XSS protection bypass and reflected (or all) params: reflected params, all params (for blind XSS, anything); filtered test...