Lucene search

12 matches found

Vulnrichment
added 2026/04/08 7:30 p.m. · 2 views

CVE-2026-35525 LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not...

CVSS 8.2 · AI score 5.9 · EPSS 0.00074
Exploits 1 · References 3

EUVD
added 2026/04/08 3:3 p.m. · 0 views

EUVD-2026-20594

LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates...

CVSS 8.2 · AI score 5.9 · EPSS 0.00074
Exploits 1 · References 3

OSV
added 2026/01/16 10:16 p.m. · 2 views

UBUNTU-CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

CVSS 8.2 · AI score 6.7 · EPSS 0.00011
Exploits 2 · References 4

Positive Technologies
added 2021/02/16 12:0 a.m. · 1 views

PT-2021-2473

Name of the Vulnerable Software and Affected Versions: Accellion FTA versions 9 12 370 and earlier. Description: The issue is related to a lack of protection against SQL query structure exploitation. This can be exploited by a remote attacker to execute arbitrary SQL code and gain unauthorized acces...

CVSS 9.8 · AI score 7.8 · EPSS 0.00813
Exploits 0 · References 21

RedHat Linux
added 2019/12/10 3:34 p.m. · 8 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

CVSS 9 · AI score 7.3 · EPSS 0.85814
Exploits 10 · References 5

RedHat Linux
added 2019/11/06 4:45 p.m. · 10 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

CVSS 9 · AI score 7.3 · EPSS 0.85814
Exploits 10 · References 5

RedHat Linux
added 2019/10/28 6:5 p.m. · 7 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

CVSS 9 · AI score 7.3 · EPSS 0.85814
Exploits 10 · References 5

RedHat Linux
added 2019/10/24 9:27 p.m. · 13 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

CVSS 9 · AI score 7.3 · EPSS 0.85814
Exploits 10 · References 5

Positive Technologies
added 2019/08/20 12:0 a.m. · 2 views

PT-2019-4343 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.837 Description: The issue concerns a CSRF vulnerability in the forgot password function, allowing an attacker to change the password for the root account. This vulnerability can be exploited by a remote attacke...

CVSS 9 · AI score 8.6 · EPSS 0.00112
Exploits 3 · References 6

Fedora
added 2009/02/05 2:8 a.m. · 33 views

[SECURITY] Fedora 10 Update: sudo-1.6.9p17-5.fc10

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

CVSS 7.8 · AI score 2.2 · EPSS 0.00049
Exploits 1

Packet Storm
added 2008/09/10 12:0 a.m. · 18 views

kimwebsites-upload.txt

S4rK3VT Hacking TEAM Title: KimWebsite fckeditor Remote Arbitrary File Upload Vendor: http://sourceforge.net/project/showfiles.php?groupid=196819 discover by : Ciph3r We Are : Ciph3r & Rake [email protected] Impact: Medium Fix: N/A Expl0ters Security TEAM == www.Expl0iters.ir -...

AI score 7.4
Exploits 0

Tenable Nessus
added 2005/12/15 12:0 a.m. · 37 views

Fedora Core 4 : kernel-2.6.14-1.1653_FC4 (2005-1138)

This update fixes several minor security related issues. A problem was discovered where users could reprogram keys, leaving 'traps' for the next user of a console. The ability has been restricted to root. A 32 bit integer overflow was discovered in the invalidate_inode_pages2 function which could...

CVSS 4.9 · AI score 5.5 · EPSS 0.00201
Exploits 0 · References 2