20802 matches found
PT-2026-24073
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.10 Description A path traversal flaw exists in the /export endpoint, allowing an attacker to read arbitrary files from the server filesystem. Exploitation involves using double-encoded traversal sequences to access...
Linux Distros Unpatched Vulnerability : CVE-2026-28348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips...
Directory Traversal
Overview dbt-common is a The shared common utilities that dbt-core and adapter implementations use Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can write files outside the intended extraction directory by supplying a malicious...
Directory Traversal
Overview std/os is a Go standard library package std/os Affected versions of this package are vulnerable to Directory Traversal. Go Vulnerability Report:On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the archive extraction process. An attacker can access or modify arbitrary files on the system by crafting a package containing symlinks that point outside the intended destination directory. Details A Directory...
Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities
Summary This release addresses multiple security vulnerabilities across various components of IBM Engineering Requirements Management DOORS and DOORS Web Access product. Many vulnerabilities are rated Critical CVSS ≥ 9.0, including a Tomcat rewrite rule bypass CVE-2025-31651, Tomcat Improper...
EUVD-2018-21636
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
EUVD-2018-21638
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2018-25181
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
CVE-2018-25184
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
OESA-2026-1529 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...
OESA-2026-1528 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...
OESA-2026-1527 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...
CVE-2018-25184
Surreal ToDo 0.6.1.2 contains a Local File Inclusion in index.php via the content parameter, allowing unauthenticated attackers to read arbitrary files (e.g., configuration/initialization files). This is triggered by directory traversal sequences supplied through content and leads to potential ex...
CVE-2018-25184
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2018-25184 Surreal ToDo 0.6.1.2 Local File Inclusion via index.php
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2018-25184 Surreal ToDo 0.6.1.2 Local File Inclusion via index.php
Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences through the content parameter in index.php to access sensitive system files li...
CVE-2018-25181 Musicco 2.0.0 Arbitrary Directory Download via Path Traversal
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
CVE-2018-25181
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...
CVE-2018-25181
Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter in the getAlbum endpoint, resulting in ZIP downloads of sensitive system directories. The issue affects the getAlbum path traversal fu...