
72 matches found

Nuclei
added 13 hours ago, 17 views

Plenti < v0.7.2 - OS Command Injection

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 9.3 | AI score 7.3 | EPSS 0.7146
Exploits: 1 | References: 2

IBM Security Bulletins
added 2026/05/26 2:4 p.m., 9 views

Security Bulletin: Multiple Vulnerabilities in IBM Bob

Summary: Multiple vulnerabilities were addressed in IBM Bob V 1.0.2. Vulnerability Details: CVEID: CVE-2026-39407. DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static...

CVSS 8.7 | AI score 6.3 | EPSS 0.00129
Exploits: 4 | Affected Software: 1

GithubExploit
added 2026/05/14 1:15 p.m., 53 views

portofolio_DWForSec

DwF — Cybersecurity Portfolio A professional cybersecurity po...

AI score 5.7
Exploits: 0

RedhatCVE
added 2026/04/11 1:21 a.m., 1 view

CVE-2026-39408

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

CVSS 7.5 | AI score 5.6 | EPSS 0.00017
Exploits: 1 | References: 1

Cvelist
added 2026/04/08 2:42 p.m., 19 views

CVE-2026-39408 Hono has a path traversal in toSSG() allows writing files outside the output directory

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

CVSS 5.9 | EPSS 0.00017
Exploits: 1 | References: 3

CVE
added 2026/04/08 2:42 p.m., 7 views

CVE-2026-39408

CVE-2026-39408 affects Hono, a web application framework for JavaScript runtimes. A path traversal flaw in toSSG() prior to version 4.12.12 can cause generated static site files to be written outside the configured output directory when dynamic routes use ssgParams. Multiple connected sources (NV...

CVSS 7.5 | AI score 5.8 | EPSS 0.00017
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/08 2:42 p.m., 0 views

CVE-2026-39408 Hono has a path traversal in toSSG() allows writing files outside the output directory

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

CVSS 5.9 | AI score 5.6 | EPSS 0.00017
Exploits: 1 | References: 3

OSV
added 2026/04/08 12:16 a.m., 1 view

GHSA-XF4J-XP2R-RQQX Hono: Path traversal in toSSG() allows writing files outside the output directory

Summary: A path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially crafted values can cause generated file paths to escape the intended output directory. Details: The...

CVSS 5.9 | AI score 5.6 | EPSS 0.00017
Exploits: 1 | References: 5

Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31282

Summary: A path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially crafted values can cause generated file paths to escape the intended output directory. Details: The...

CVSS 5.9 | AI score 5.8 | EPSS 0.00017
Exploits: 1 | References: 5

CNNVD
added 2026/04/08 12:0 a.m., 4 views

Hono path traversal vulnerability

Hono is a web framework built with TypeScript in the Hono community. Versions of Hono prior to 4.12.12 contained a path traversal vulnerability. This vulnerability stemmed from issues with the toSSG function, which allowed for path traversal attacks, potentially leading to files being written...

CVSS 7.5 | AI score 5.7 | EPSS 0.00017
Exploits: 1 | References: 4

CNNVD
added 2026/01/28 12:0 a.m., 3 views

AltumCode 66biolinks security vulnerabilities

AltumCode 66biolinks is a platform-building script provided by AltumCode Corporation. The version 44.0.0 of AltumCode 66biolinks contains a security vulnerability. This vulnerability stems from a directory-traversal vulnerability present in the static site functionality, which could lead to...

CVSS 6.5 | AI score 5.8 | EPSS 0.00165
Exploits: 1 | References: 1

VulnCheck KEV
added 2025/11/29 12:0 a.m., 1 view

VulnCheck KEV: CVE-2024-49380

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the...

CVSS 9.3 | AI score 5.9 | EPSS 0.7146
In wild | Exploits: 1 | References: 77

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-1294

Malware in sbrugna...

CVSS 8.5 | AI score 8.4 | EPSS 0.0041
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-5530

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.00486
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-3458

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.6 | EPSS 0.0038
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-1268

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.00211
Exploits: 0 | References: 7

Gitee
added 2025/09/22 1:44 a.m., 142 views

nightmare

This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

AI score 6.9
Exploits: 0

CNNVD
added 2025/09/10 12:0 a.m., 1 view

decap-cms security vulnerability

decap-cms is a Git-based static site generator from Decap CMS open source. A security vulnerability exists in decap-cms 3.8.3 and earlier versions, which stems from cross-site scripting and could lead to the execution of arbitrary JavaScript...

CVSS 6.1 | AI score 6 | EPSS 0.0002
Exploits: 2 | References: 4

RedhatCVE
added 2025/05/23 6:15 a.m., 3 views

CVE-2024-49381

Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerabili...

CVSS 8.7 | AI score 6.4 | EPSS 0.00404
Exploits: 1 | References: 1

CNNVD
added 2025/03/12 12:0 a.m., 1 view

Plenti security vulnerability

Plenti is a static site generator from Plentico open source. A security vulnerability exists in Plenti version 0.7.16 and earlier, which stems from an uploaded .svelte filename that could be executed as code, leading to code execution...

CVSS 8.8 | AI score 7 | EPSS 0.00753
Exploits: 1 | References: 4