CVE-2026-45230
DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...
EUVD-2026-30790
DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit th...
PT-2026-41715
Name of the Vulnerable Software and Affected Versions: DumbAssets versions 1.0 through 1.0.11. Description: A path traversal issue exists in the 'POST /api/delete-file' endpoint via the filesToDelete array parameters. This allows unauthenticated attackers to bypass directory boundary validation by...
sublinear-time-solver has a Path Traversal Issue
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...
CVE-2026-7645 ruvnet sublinear-time-solver MCP server.js export_state path traversal
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The...
CVE-2026-7234
The CVE-2026-7234 entry concerns BrowserOperator browser-operator-core (up to 0.6.0). The vulnerability affects the function startsWith in scripts/component_server/server.js, where manipulation of the request.url argument enables path traversal. The issue can be triggered remotely via a network a...
CVE-2026-7234 BrowserOperator browser-operator-core server.js startsWith path traversal
A weakness has been identified in BrowserOperator browser-operator-core up to 0.6.0. Affected is the function startsWith of the file scripts/component_server/server.js. Executing a manipulation of the argument request.url can lead to path traversal. The attack can be launched remotely. The exploit...
browser-operator-core path traversal vulnerability
Browser-Operator-core is a privacy-first AI browser developed by BrowserOperator. It supports local execution and multi-agent automation. Versions of Browser-Operator-core prior to 0.6.0 have a path traversal vulnerability. This vulnerability stems from the request.url parameter in the startsWith...
XXE
Install dependencies npm init -y npm install e...
EUVD-2014-1237
Malware in sbrugna...
EUVD-2023-2815
Malicious code in bioql PyPI...
EUVD-2025-1559
Malicious code in bioql PyPI...
CVE-2025-7579
A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...
CVE-2025-7579 chinese-poetry server.js redos
A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...
CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
CVE-2014-125068
A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix th...
DOMPurify security vulnerability
DOMPurify is a DOM Document Object Model for HTML, MathML and SVG written in JavaScript by Cure53 Personal Developer. A security vulnerability exists in DOMPurify 3.2.5 and earlier versions that stems from scripts/server.js not ensuring that the pathname is in the current working directory...
CVE-2025-0224
Provision-ISR CVE-2025-0224 affects SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX (up to 20241220). Root cause: manipulation of an unknown functionality in /server.js leads to information disclosure; attack can be launched remotely and the exploit ...
CVE-2025-0224 Provision-ISR SH-4050A-2 server.js information disclosure
A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...
PT-2025-3794 · Provision Isr · Provision-Isr Sh-16200A-2 +5
Name of the Vulnerable Software and Affected Versions: Provision-ISR SH-4050A-2, Provision-ISR SH-4100A-2LMM, Provision-ISR SH-8100A-2LMM, Provision-ISR SH-16200A-21U, Provision-ISR SH-16200A-51U, Provision-ISR NVR5-8200PX up to 20241220. Description: A vulnerability was found in Provision-ISR devices,...