73 matches found

RedhatCVE
added 2 days ago, 5 views

CVE-2026-41063

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00043
Exploits: 1 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in rsync

A flaw was discovered in rsync. When the --safe-links option is used, the rsync client fails to properly verify whether a symbolic link destination sent from the server contains another symbolic link within it. This leads to a path traversal vulnerability, which may result in arbitrary file writi...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.0247
Exploits: 0 | References: 2

OSV
added 2026/03/23 4:24 p.m., 2 views

CVE-2026-33500 AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00016
Exploits: 1 | References: 4

Vulnrichment
added 2026/03/23 4:24 p.m., 3 views

CVE-2026-33500 AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00016
Exploits: 1 | References: 2

CNNVD
added 2026/03/23 12:0 a.m., 5 views

WWBN AVideo cross-site scripting vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the custom ParsedownSafeWithLinks class disabling the safe mode, which could lead to...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00016
Exploits: 1 | References: 2

OpenVAS
added 2026/02/02 12:0 a.m., 2 views

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2026-1145)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.0247
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/31 12:0 a.m., 3 views

EulerOS Virtualization 2.10.1 : rsync (EulerOS-SA-2026-1145)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destinati...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0247
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/31 12:0 a.m., 2 views

EulerOS Virtualization 2.10.0 : rsync (EulerOS-SA-2026-1196)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destinati...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0247
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/13 12:0 a.m., 3 views

MiracleLinux 8 : rsync-3.1.3-21.el8_10 (AXSA:2025-9746:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9746:06 advisory. rsync: Path traversal vulnerability in rsync CVE-2024-12087 rsync: --safe-links option bypass leads to path traversal CVE-2024-12088 rsync: Race...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.03163
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

MiracleLinux 9 : rsync-3.2.5-3.el9 (AXSA:2025-10080:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10080:08 advisory. rsync: Path traversal vulnerability in rsync CVE-2024-12087 rsync: --safe-links option bypass leads to path traversal CVE-2024-12088 rsync: Race...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.03163
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/13 12:0 a.m., 1 view

MiracleLinux 7 : rsync-3.1.2-12.0.3.el7.AXS7 (AXSA:2025-9708:04)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9708:04 advisory. CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option CVE-2024-12088: make --safe-links stricter CVEs:...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.03163
Exploits: 1 | References: 3

OSV
added 2025/11/25 10:50 p.m., 1 view

JLSEC-2025-327 A flaw was found in rsync

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.0247
Exploits: 0 | References: 10

OSV
added 2025/11/14 4:11 p.m., 2 views

CLSA-2025-1763136711 Fix CVE(s): CVE-2022-29154, CVE-2024-12087, CVE-2024-12088

SECURITY UPDATE: malicious remote servers to write arbitrary files inside the directories of connecting peers: - debian/patches/els/0001-CVE-2022-29154.patch: fix insufficient validation of file names. - CVE-2022-29154. SECURITY UPDATE: path traversal vulnerability. -...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.03163
Exploits: 2 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-17748

Malware in sbrugna...

CVSS: 9.1 | AI score: 9.1 | EPSS: 0.00301
Exploits: 0 | References: 4

OSV
added 2025/10/04 12:11 a.m., 3 views

RLSA-2025:7050 Moderate: rsync security update

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.03163
Exploits: 1 | References: 4

Rockylinux
added 2025/10/04 12:11 a.m., 2 views

rsync security update

An update is available for rsync. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rsync utility enables the users to copy and synchronize files locally or...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.03163
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2024-17361

Malicious code in bioql PyPI...

CVSS: 8.3 | AI score: 6.6 | EPSS: 0.00318
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/08/28 5:13 p.m., 5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in rsync [CVE-2024-12088]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in rsync, due to an issue when using the --safe-links option, where the client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0247
Exploits: 0 | Affected Software: 1

OSV
added 2025/07/11 3:25 p.m., 4 views

CLSA-2025-1752247531 rsync: Fix of CVE-2024-12088

CVE-2024-12088: fix path traversal vulnerability in symbolic link destinations when using --safe-links option...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.0247
Exploits: 0 | References: 1

RedHat Linux
added 2025/05/13 9:4 a.m., 5 views

rsync: --safe-links option bypass leads to path traversal

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.0247
Exploits: 0 | References: 5