CVE-2025-11233 Rust standard library didn't detect all path separators on Cygwin

Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x8664-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...

Local File Inclusion (LFI)

parisneo/lollms is vulnerable to Local File Inclusion LFI. The vulnerability is due to insufficient path sanitization in the sanitizepathfromendpoint function, which does not properly handle Windows-style paths backward slash \, which allows attackers to exploit directory traversal on Windows...