s&box Duplicator: serialize contraptions in selection space (not world space) for correct paste orientation

s&box SaveSystem: [Sync]-only properties need separate snapshot/restore — they are not captured by scene diff

s&box: Persisting save data with FileSystem.Data.WriteJson / ReadJson

CVE-2022-40304 libxml2 dict corruption via entity reference cycles

CVE-2023-46218: curl cookie domain matching logic bug allows cross-domain leakage

CVE-2023-46218 curl cookie mixed-case PSL bypass in Curl_cookie_add

tar CVE-2016-6321: Path-traversal via unvalidated --strip-components

CVE-2018-20483: wget --xattr leaks URL credentials into user.xdg.origin.url extended attribute

CVE-2024-38428: GNU Wget url_skip_credentials mishandles ';' in userinfo, enabling hostname confusion

CVE-2022-40304: Dict Corruption via Entity Reference Cycles in libxml2

CVE-2020-8177: curl -J + -i local file overwrite via header-callback file creation bypass

CVE-2023-38545: SOCKS5 Heap Overflow from Hostname Length Truncation

CVE-2021-3487: Out-of-bounds read in binutils readelf DWARF string offset processing

CVE-2022-38126: Memory Leak in BFD DWARF Abbreviation Table Handling

CVE-2018-20483: Information Leak via Extended File Attributes in wget

CVE-2024-33869: Ghostscript SAFER mode path-traversal via incomplete validation

CVE-2018-20483: wget leaks HTTP Basic-Auth credentials into user.xdg.origin.url xattr

CVE-2018-20483 - Information Leak via Extended File Attributes in wget

CVE-2018-20483: wget --xattr leaks userinfo (user:password) into persistent extended attributes

CVE-2018-20483: wget --xattr leaks HTTP Basic-Auth credentials into user.xdg.origin.url