20804 matches found

Source: Positive Technologies (added 2026/03/05 12:00 a.m.)

PT-2026-23442

Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.5.0b3.dev13 through 0.5.0b3.dev96. Description: pyLoad contains a flaw in the edit package function where insufficient sanitization of the pack folder parameter allows for path traversal. The existing protection uses a single...

CVSS 7.1 | AI score 5.9 | EPSS 0.00517
Exploits: 1 | References: 8
Source: Positive Technologies (added 2026/03/05 12:00 a.m.)

PT-2026-23440

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 1.20.1. Description: Backstage is a framework for building developer portals. A flaw in how Backstage handles SCM URLs within integrations permitted path traversal sequences, even when encoded. This allowed requests t...

CVSS 2.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 6
Source: Positive Technologies (added 2026/03/05 12:00 a.m.)

PT-2026-23450

Name of the Vulnerable Software and Affected Versions: Python-Markdown versions prior to 3.8.1. Description: A flaw exists in Python-Markdown version 3.8 where improperly formed HTML-like sequences can trigger an unhandled AssertionError within the html.parser.HTMLParser during Markdown processing...

CVSS 7.5 | AI score 5.8 | EPSS 0.00465
Exploits: 1 | References: 45
Source: Positive Technologies (added 2026/03/05 12:00 a.m.)

PT-2026-23557

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

CVSS 8.4 | AI score 6 | EPSS 0.00136
Exploits: 0 | References: 5
Source: ATTACKERKB (added 2026/03/05 12:00 a.m.)

CVE-2025-69534

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

AI score 6 | EPSS 0.00465
Exploits: 1 | References: 4
Source: CNNVD (added 2026/03/05 12:00 a.m.)

Python-Markdown security vulnerability

Python-Markdown is an open-source Python implementation of a Markdown parser. Version 3.8 of Python-Markdown contains a security vulnerability. This vulnerability stems from malformed HTML sequences, which can lead to unhandled assertion errors, potentially causing remote denial-of-service attack...

CVSS 7.5 | AI score 7.3 | EPSS 0.00465
Exploits: 1 | References: 3
Source: Packet Storm (added 2026/03/05 12:00 a.m.)

basic-ftp downloadToDir() Path Traversal

basic-ftp versions prior to 5.2.0 suffer from a path traversal vulnerability in downloadToDir. Title: basic-ftp prior to version 5.2.0 Path Traversal in...

AI score 5.9
Exploits: 0
Source: CVE (added 2026/03/05 12:00 a.m.)

CVE-2025-69534

CVE-2025-69534 affects Python-Markdown 3.8, where malformed HTML-like sequences trigger an unhandled AssertionError in html.parser.HTMLParser during Markdown parsing. This can produce a remote, unauthenticated Denial of Service for applications rendering untrusted Markdown, with potential inf...

CVSS 7.5 | AI score 6 | EPSS 0.00465
Exploits: 1 | References: 4 | Affected software: 1
Source: Cvelist (added 2026/03/05 12:00 a.m.)

CVE-2025-69534

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

EPSS 0.00465
Exploits: 1 | References: 3
Source: Amazon (added 2026/03/05 12:00 a.m.)

Important: libsoup3

Issue Overview: A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing...

CVSS 6.5 | AI score 6.2 | EPSS 0.0042
Exploits: 1
Source: Debian CVE (added 2026/03/05 12:00 a.m.)

CVE-2025-69534

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

CVSS 7.5 | AI score 8.4 | EPSS 0.00465
Exploits: 1
Source: AlpineLinux (added 2026/03/05 12:00 a.m.)

CVE-2025-69534

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

CVSS 7.5 | AI score 5.8 | EPSS 0.00465
Exploits: 1 | References: 4
Source: Tenable Nessus (added 2026/03/05 12:00 a.m.)

Zed < 0.224.4 Multiple Path Traversal Vulnerabilities

The version of Zed installed on the remote host is prior to 0.224.4. It is, therefore, affected by multiple vulnerabilities: - A Zip Slip path traversal vulnerability exists in the extension archive extraction functionality. The extractzip function fails to validate ZIP entry filenames for path...

CVSS 8.8 | AI score 6.2 | EPSS 0.0049
Exploits: 2 | References: 4
Source: RedhatCVE (added 2026/03/04 11:44 p.m.)

CVE-2026-3234

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...

CVSS 4.3 | AI score 5.7 | EPSS 0.00332
Exploits: 0 | References: 3
Source: Snyk (added 2026/03/04 9:28 p.m.)

Directory Traversal

Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Directory Traversal via the restorebackup function. An attacker can overwrite arbitrary files outside the intended extraction directory by uploading a specially...

CVSS 9.3 | AI score 6.2 | EPSS 0.00527
Exploits: 1 | References: 2
Source: Github Security Blog (added 2026/03/04 9:28 p.m.)

changedetection.io has Zip Slip vulnerability in the backup restore functionality

Summary: A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details: A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...

CVSS 9.3 | AI score 6.1 | EPSS 0.00527
Exploits: 1 | References: 5 | Affected software: 1
Source: OSV (added 2026/03/04 9:28 p.m.)

GHSA-25G8-2MCF-FCX9: changedetection.io has Zip Slip vulnerability in the backup restore functionality

Summary: A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details: A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...

CVSS 9.3 | AI score 6.1 | EPSS 0.00527
Exploits: 1 | References: 5
Source: NVD (added 2026/03/04 8:16 p.m.)

CVE-2026-28427

OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended...

CVSS 7.5 | EPSS 0.00431
Exploits: 1 | References: 2
Source: RedhatCVE (added 2026/03/04 7:44 p.m.)

CVE-2026-28518

OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or...

CVSS 8.4 | AI score 6 | EPSS 0.00181
Exploits: 0 | References: 1
Source: EUVD (added 2026/03/04 7:30 p.m.)

EUVD-2026-9494

OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended...

CVSS 5.9 | AI score 6 | EPSS 0.00431
Exploits: 1 | References: 2