Jellyfin <10.7.0 - Local File Inclusion

Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk. id: CVE-2021-21402 info: name: Jellyfin 10.7.0 - Local File Inclusion author: dwisiswant0 severity: medium...

PaperCut NG < 25.0.11 Path Traversal (CVE-2026-6418)

The version of PaperCut NG installed on the remote Windows host is prior to 25.0.11. It is, therefore, affected by a vulnerability: - A path traversal vulnerability exists in the Shared Account Synchronization component of PaperCut NG/MF. Due to a lack of proper path validation and sanitization, ...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Webroot HTTP-01 challenge provider. An attacker can write arbitrary files to the filesystem by supplying crafted challenge tokens containing directory traversal sequences. Details A Directory Traversal attack...

CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

LocalS3 Project Bucket Operations Vulnerable to XML External Entity (XXE) Injection

Description The LocalS3 project contains an XML External Entity XXE Injection vulnerability in its bucket operations that process XML data. Specifically, the vulnerability exists in the bucket ACL and bucket tagging operations. The application processes XML input without properly disabling extern...