BIT-PYTHON-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

BIT-PYTHON-MIN-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

CVE-2026-7217

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function readdocx/readxlsx/readpptx/listxlsxsheets/readpdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads t...

CVE-2026-7217

Summary: CVE-2026-7217 affects Deepractice PromptX ≤ 2.4.0. The vulnerability lies in the Document File Handler’s index.ts functions read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf, where manipulation of the argument path enables absolute path traversal. This is a remote-execution-capable...

CVE-2026-3087

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

EUVD-2026-25922

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

CVE-2026-29050

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...

CVE-2026-29050 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...

CVE-2026-29050

CVE-2026-29050 – melange path traversal : Affected versions: 0.32.0 through before 0.43.4. An attacker who can influence a melange configuration file (e.g., via PR-driven CI or build‑as‑a‑service) could set pipeline[].uses to absolute paths or include “..”, which were passed to filepath.Join with...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation in the sanitizePath function. An attacker can access or modify files outside the intended directory boundary by crafting paths that bypass prefix-based checks. Details A Directory Traversal...

EUVD-2026-24517

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

CVE-2026-6832

Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint that allows authenticated attackers to delete files outside the session directory by supplying an absolute path or path traversal payload in the sessionid parameter. Attackers can exploit unvalidate...

CVE-2026-6832

CVE-2026-6832 affects Nesquena Hermes WebUI. The vulnerability resides in the /api/session/delete endpoint where an unvalidated session_id enables an authenticated attacker to bypass the SESSION_DIR boundary using absolute or path traversal payloads, enabling deletion of writable JSON files outsi...

PT-2026-34195

Name of the Vulnerable Software and Affected Versions Hermes WebUI affected versions not specified Description An arbitrary file deletion issue exists in the '/api/session/delete' endpoint. Authenticated attackers can delete files outside the session directory by providing an absolute path or pat...

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

EUVD-2026-20630

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking...

GHSA-HFVC-G4FC-PQHX opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary The fix for GHSA-9h8m-3fm2-qjrq CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/hostid.go line 42: if result, err :=...

opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

Summary The fix for GHSA-9h8m-3fm2-qjrq CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. Root Cause sdk/resource/hostid.go line 42: if result, err :=...

CVE-2026-34730 Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

PT-2026-29671

Name of the Vulnerable Software and Affected Versions Copier versions prior to 9.14.1 Description The external data feature in Copier allows templates to load YAML files using paths controlled by the template. This can allow a malicious template to read YAML-parseable local files accessible to th...