20856 matches found

Snyk
added 2026/02/06 6:50 p.m., 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in the updateWikiPage function that allows a user with write access to a given repository's wiki to delete files with the oldtitle parameter. Details: A Directory Traversal attack (also known as path traversal) aims to...

8.1 CVSS, 6.4 AI score, 0.00654 EPSS
Exploits: 1, References: 2

OSV
added 2026/02/06 6:14 p.m., 4 views

GHSA-MRPH-W4HH-GX3G Gogs has arbitrary file read/write via Path Traversal in Git hook editing

Vulnerability Description: In the endpoint /username/reponame/settings/hooks/git/:name, the :name parameter is URL-decoded by macaron routing, allowing decoded slashes (/), and is then passed directly to git.Repository.Hook("customhooks", name), which internally resolves the path as: ...

6.5 CVSS, 5.5 AI score, 0.00456 EPSS
Exploits: 1, References: 5

Github Security Blog
added 2026/02/06 6:14 p.m., 12 views

Gogs has arbitrary file read/write via Path Traversal in Git hook editing

Vulnerability Description: In the endpoint /username/reponame/settings/hooks/git/:name, the :name parameter is URL-decoded by macaron routing, allowing decoded slashes (/), and is then passed directly to git.Repository.Hook("customhooks", name), which internally resolves the path as: ...

6.5 CVSS, 5.5 AI score, 0.00456 EPSS
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2026/02/06 1:30 p.m., 10 views

CVE-2026-1523

Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, that is, 'http:///..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. By manipulating...

8.7 CVSS, 5.6 AI score, 0.01087 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/02/06 1:25 a.m., 4 views

CVE-2026-25145

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file (e.g., through pull request-driven CI or build-as-a-service scenarios) could read arbitrary files from the host system. The...

5.5 CVSS, 5.4 AI score, 0.00168 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/02/06 1:25 a.m., 4 views

CVE-2026-25475

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/fil...

6.5 CVSS, 5.5 AI score, 0.00745 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/02/06 1:25 a.m., 5 views

CVE-2026-25575

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying...

8.8 CVSS, 5.4 AI score, 0.00444 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/02/06 1:25 a.m., 5 views

CVE-2026-25161

Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains a path traversal vulnerability in multiple file operation handlers. An authenticated attacker can bypass directory-level authorisation by injecting traversal...

8.8 CVSS, 5.3 AI score, 0.00721 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/02/06 1:25 a.m., 3 views

CVE-2026-24843

melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries...

8.4 CVSS, 5.3 AI score, 0.00167 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/02/06 12:0 a.m., 4 views

Payload Security Vulnerability

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.74.0 have a security vulnerability. This vulnerability stems from an insecure direct object reference within the payload-preferences collection. In environments...

5.4 CVSS, 5.8 AI score, 0.00193 EPSS
Exploits: 0, References: 2

Packet Storm News
added 2026/02/06 12:0 a.m., 3 views

KRONE: Hierarchical and Modular Log Anomaly Detection

Log anomaly detection is crucial for uncovering system failures and security risks. Although logs originate from nested component executions with clear boundaries, this structure is lost when they are stored as flat sequences. As a result, state-of-the-art methods risk missing true dependencies...

5.8 AI score
Exploits: 0

Positive Technologies
added 2026/02/06 12:0 a.m., 6 views

PT-2026-6863

Vulnerability Description: In the endpoint /username/reponame/settings/hooks/git/:name, the :name parameter is URL-decoded by macaron routing, allowing decoded slashes (/), and is then passed directly to git.Repository.Hook("custom hooks", name), which internally resolves the path as: ...

6.5 CVSS, 5.5 AI score, 0.00456 EPSS
Exploits: 1, References: 6

Tenable Nessus
added 2026/02/06 12:0 a.m., 2 views

openSUSE 16 Security Update : cups (openSUSE-SU-2026:20172-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20172-1 advisory. Update to version 2.4.16. Security issues fixed: - CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues bsc1253783. ...

8 CVSS, 7.5 AI score, 0.01063 EPSS
Exploits: 4, References: 13

Positive Technologies
added 2026/02/06 12:0 a.m., 6 views

PT-2026-6869

Summary: A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...

7.1 CVSS, 6 AI score, 0.00269 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/02/06 12:0 a.m., 6 views

PT-2026-6789

Name of the Vulnerable Software and Affected Versions: Pydantic AI versions 1.34.0 through 1.50.9. Description: Pydantic AI contains a path traversal issue in its web UI. A crafted URL can be used by an attacker to serve arbitrary JavaScript within the application's context. This allows execution of...

7.1 CVSS, 6 AI score, 0.00269 EPSS
Exploits: 0, References: 9

Positive Technologies
added 2026/02/06 12:0 a.m., 6 views

PT-2026-6757

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.4; Gogs versions prior to 0.14.0. Description: Gogs, an open source self-hosted Git service, contains a flaw that allows for arbitrary file read and write operations through path traversal in the Git hook editing...

9.9 CVSS, 5.6 AI score, 0.27661 EPSS
Exploits: 44, References: 117

Snyk
added 2026/02/05 9:57 p.m., 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the WebsiteAddContent process. An attacker can access sensitive files on the server by supplying crafted path values containing directory traversal sequences. This is only exploitable if the attacker has an...

7.1 CVSS, 6.5 AI score, 0.00485 EPSS
Exploits: 1, References: 2

Snyk
added 2026/02/05 9:8 p.m., 3 views

Open Redirect

Overview: nicegui is a package described as "Create web-based user interfaces with Python. The nice way." Affected versions of this package are vulnerable to Open Redirect via the save function. An attacker can overwrite arbitrary files on the server by uploading files with crafted filenames containing directory travers...

8.7 CVSS, 6 AI score, 0.03212 EPSS
Exploits: 3, References: 2

Github Security Blog
added 2026/02/05 9:8 p.m., 7 views

NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

Summary: NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with...

7.5 CVSS, 6.6 AI score, 0.03212 EPSS
Exploits: 3, References: 6, Affected Software: 1

OSV
added 2026/02/05 9:8 p.m., 4 views

GHSA-9FFM-FXG3-XRHH NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

Summary: NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to write files outside intended directories, with...

7.5 CVSS, 6.6 AI score, 0.03212 EPSS
Exploits: 3, References: 6