Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/06/11 5:10 p.m.12 views

@hapi/inert has a static-file confinement bypass via sibling-prefix path

Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...

5.6AI score0.00062EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 10:2 a.m.3 views

CVE-2025-66675

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related...

8.2CVSS6.9AI score0.01456EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 10:16 a.m.8 views

CVE-2025-66675

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related...

8.2CVSS0.00508EPSS
Exploits0References2
Atlassian
Atlassian
added 2025/12/02 9:27 p.m.12 views

DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to expos...

7.5CVSS6.8AI score0.01124EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/07/15 12:0 a.m.5 views

PT-2022-22378 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 7.1.x before 7.1.1 Description: The issue concerns the potential leakage of an encrypted Private Key passphrase in the logs. Recommendations: For Couchbase Server versions 7.1.x before 7.1.1, update to version 7.1.1 ...

5.9CVSS5.7AI score0.00524EPSS
Exploits0References4
Snyk
Snyk
added 2022/05/24 4:57 p.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialize function in the JSONSerializer class. An attacker can execute arbitrary code by sending a crafted JSON payload to the affected system. Details Serialization is a process of convertin...

9.8CVSS7.8AI score0.45653EPSS
Exploits1References2
Rows per page
Query Builder