Basic FTP has Path Traversal Vulnerability in its downloadToDir() method
The basic-ftp library contains a path traversal vulnerability in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ("../") that cause files to be written outside the intended download directory. Source-to-Sink Flow 1. SOURC...
SUSE-SU-2026:0649-1 Security update for freerdp
This update for freerdp fixes the following issues: - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. - CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. - CVE-2026-24679:...
kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion
A flaw was found in the Linux kernel's Asynchronous Transfer Mode (ATM) Classical IP (CLIP) module. A local user can trigger an infinite recursive call in the clip_push function by repeatedly calling the ioctl(ATMARP_MKIP) system call. This vulnerability occurs when the socket is closed, leading to stack...
CVE-2026-27699 Basic FTP has Path Traversal Vulnerability in its downloadToDir() method
The basic-ftp FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ("../") that cause files to be written outside the...
CVE-2026-27699
The CVE affects the Node.js FTP client library basic-ftp prior to version 5.2.0, where the downloadToDir() method is vulnerable to a path traversal (CWE-22). A malicious FTP server can emit directory listings containing filenames with traversal sequences ("../"), causing files to be written outsi...
TFTP Path Traversal
...
CVE-2026-3179
The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...
Explainability-Aware Evaluation of Transfer Learning Models for IoT DDoS Detection under Resource Constraints
Distributed denial-of-service (DDoS) attacks threaten the availability of Internet of Things (IoT) infrastructures, particularly under resource-constrained deployment conditions. Although transfer learning models have shown promising detection accuracy, their reliability, computational feasibility, a...
PT-2026-21879
Name of the Vulnerable Software and Affected Versions: ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1; ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51. Description: A path traversal issue exists in the FTP Backup feature of ASUSTOR ADM. The software does not adequately sanitize filenames received from a...
ROS-20260224-73-0014
Vulnerability in moodle related to information disclosure during data transfer. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
SolarWinds Serv-U Code Issue Vulnerability
SolarWinds Serv-U is an FTP (File Transfer Protocol) server software developed by the American company SolarWinds. SolarWinds Serv-U has a code vulnerability that stems from type confusion, which may lead to the execution of arbitrary local code...
Wing-FTP-Privilege-Escalation-Tar-Extraction-Exploit
Wing-FTP-Privilege-Escalation-Tar-Extraction-Exploit This...
CVE-2026-26365
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing pat...
PT-2026-21505
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing pat...
CVE-2026-2490
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obtain the ability to execute low-privileged...
Exploit for Incorrect Resource Transfer Between Spheres in Openclaw
OpenClaw: public documentation. Sanitized versions of work...