CVE-2025-66905
The CVE-2025-66905 entry concerns the Takes web framework, specifically the TkFiles component up to 2.0-SNAPSHOT, which fails to canonicalize HTTP request paths before filesystem access. This allows a remote attacker to include ../ sequences in the request path to escape the configured base direc...