CVE-2022-38668

HTTP applications servers based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB...

AZL-73526 CVE-2025-69226 affecting package python-aiohttp 3.6.2-3

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

CVE-2025-27098

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

CVE-2018-19637 Static temporary filename allows overwriting of files

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...