Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate index root when initialize NTFS security This enhances the sanity check for $SDH and $SII while initializing NTFS security, guarantees these index root are legit. 162.459513 BUG: KASAN: use-after-free in...

CVE-2026-27115

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...

CVE-2026-27115 ADB Explorer is Vulnerable to Arbitrary Directory Deletion via Command-Line Argument

ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data...

CVE-2025-62464

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

EUVD-2025-18645

Malicious code in bioql PyPI...

CVE-2025-6240

Improper Input Validation vulnerability in Profisee on Windows filesystem modules allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2...

parisneo/lollms Local File Inclusion (LFI) attack

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash , allowing attackers to perform directory traversal attacks on Windows systems...

GHSA-VQWR-Q6CC-C242 parisneo/lollms Local File Inclusion (LFI) attack

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash , allowing attackers to perform directory traversal attacks on Windows systems...

CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash , allowing attackers to perform directory traversal attacks on Windows systems...

CVE-2024-4315

CVE-2024-4315 affects parisneo/lollms v9.5 and is a Local File Inclusion (LFI) flaw caused by insufficient path sanitization in the function that processes endpoints. The code fails to properly sanitize Windows-style paths (backslash), enabling directory traversal on Windows systems. Attackers co...

CVE-2024-4315 LFI Vulnerability due to Lack of Path Sanitization in parisneo/lollms

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash , allowing attackers to perform directory traversal attacks on Windows systems...

CVE-2023-36605

Windows Named Pipe Filesystem Elevation of Privilege Vulnerability...

Tofu - Windows Offline Filesystem Hacking Tool For Linux

A modular tool for hacking offline Windows filesystems and bypassing login screens. Can do hashdumps, OSK-Backdoors, user enumeration and more. How it works : When a Windows machine is shut down, unless it has Bitlocker or another encryption service enabled, it's storage device contains everythin...

Tuxera NTFS-3G 缓冲区错误漏洞

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . A buffer overflow vulnerability exists in NTFS-3G in versions prior to 2021.8.22. The vulnerability is caused by an application incorrectly validating certain NT...

CVE-2019-1932 Cisco Advanced Malware Protection for Endpoints Windows Command Injection Vulnerability

A vulnerability in Cisco Advanced Malware Protection AMP for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit thi...

spring-framework: Directory traversal vulnerability with static resources on Windows filesystems

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...