All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory.

CVE Database V5

Detailed information about CVE-2025-8021: Directory Traversal in files-bucket-server affecting null files-bucket-server. Get real-time updates, technical detail

CVE-2025-8021: Directory Traversal in files-bucket-server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8021: Directory Traversal in files-bucket-server

All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code.

Detailed information about CVE-2025-8020: Server-Side Request Forgery (SSRF) in private-ip affecting null private-ip. Get real-time updates, technical details, 

CVE-2025-8020: Server-Side Request Forgery (SSRF) in private-ip - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8020: Server-Side Request Forgery (SSRF) in private-ip

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

CVE-2025-24928 is a high-severity stack-based buffer overflow vulnerability identified in the widely used XML parsing library libxml2, specifically affecting versions prior to 2.12.10 and 2.13.x versions before 2.13.6. The vulnerability resides in the function xmlSnprintfElements within the valid.c source file. This function is involved in DTD (Document Type Definition) validation, a process that checks the structure and validity of XML documents against their DTDs. The flaw can be triggered when libxml2 processes an untrusted XML document or an untrusted DTD that requires validation. Exploiting this vulnerability could allow an attacker to overflow a stack buffer, potentially leading to arbitrary code execution or application crashes. The vulnerability is similar in nature to CVE-2017-9047, which also involved stack-based buffer overflow in libxml2 during DTD validation. According to the CVSS 3.1 scoring, this vulnerability has a score of 7.8, indicating high severity. The vector string (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N) shows that the attack requires local access (AV:L), high attack complexity (AC:H), no privileges (PR:N), and no user interaction (UI:N). The scope is changed (S:C), and the impact on confidentiality and integrity is high (C:H/I:H), while availability is not affected (A:N). No known exploits are currently reported in the wild, and no patches are linked in the provided data, but upgrading to libxml2 versions 2.12.10 or 2.13.6 and later is expected to mitigate the issue. This vulnerability is critical for applications that parse XML documents with DTD validation enabled, especially when processing untrusted input, as it could allow local attackers to execute arbitrary code or escalate privileges through crafted XML data.

Detailed information about CVE-2025-24928: CWE-121 Stack-based Buffer Overflow in xmlsoft libxml2 affecting xmlsoft libxml2. Get real-time updates, technical de

CVE-2025-24928: CWE-121 Stack-based Buffer Overflow in xmlsoft libxml2 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-24928: CWE-121 Stack-based Buffer Overflow in xmlsoft libxml2

SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on confidentiality of the application.

CVE-2025-42947 is a medium-severity vulnerability affecting the SAP FICA ODN framework, a component used in SAP's financial contract accounting solutions. The vulnerability is categorized under CWE-94, which involves improper control of code generation. Specifically, this flaw allows a high-privileged user to inject values into a local variable that the application subsequently executes as code. This code injection capability means that an attacker with elevated privileges can manipulate the application's behavior, potentially altering business logic or financial calculations. The vulnerability impacts multiple versions of SAP products, including SAPSCORE 132, S4CORE versions 102 through 108, and FI-CA versions 606 through 618. The CVSS v3.1 score is 5.5, reflecting a medium severity level. The vector indicates that the attack can be performed remotely (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and no user interaction (UI:N). The scope is unchanged (S:U), with no confidentiality impact (C:N), high integrity impact (I:H), and low availability impact (A:L). No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability's root cause is the improper sanitization or validation of injected code within local variables, allowing execution of arbitrary code within the context of the application. This can lead to unauthorized modification of financial data or application logic, undermining data integrity while leaving confidentiality unaffected. Availability impact is low, meaning the application remains largely operational despite exploitation.

Detailed information about CVE-2025-42947: CWE-94: Improper Control of Generation of Code in SAP_SE SAP FICA ODN framework affecting SAP_SE SAP FICA ODN framewo

CVE-2025-42947: CWE-94: Improper Control of Generation of Code in SAP_SE SAP FICA ODN framework - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-42947: CWE-94: Improper Control of Generation of Code in SAP_SE SAP FICA ODN framework

All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the $ shell API due to improper neutralization of user input. An attacker can exploit this by providing specially crafted input that includes command-line arguments or shell metacharacters, leading to unintended command execution.

Detailed information about CVE-2025-8022: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in bun affecting null bun. 