
5146 matches found

Vulnrichment
added 2026/06/10 8:59 p.m. | 5 views

CVE-2026-0270 Cortex XSOAR: Path Traversal Vulnerability

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the...

CVSS 7.5 | AI score 5.6 | EPSS 0.00156
Exploits: 0 | References: 2

Snyk
added 2026/06/10 6:20 p.m. | 4 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Personal space feature that is selected when no componentId is set. An attacker can read files outside the intended directory by omitting componentId while selecting 'Personal space'. Details: A Directory...

CVSS 8.7 | AI score 6.2 | EPSS 0.00327
Exploits: 0 | References: 2

NVD
added 2026/06/10 6:17 p.m. | 7 views

CVE-2026-50567

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result...

CVSS 7.7 | EPSS 0.00301
Exploits: 0 | References: 3

Cvelist
added 2026/06/10 2:00 p.m. | 31 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config_file_name form field that is passed straight through to config_mod.master_slave_upload_and_restart(...) as the destination path. The validation chai...

CVSS 9.9 | EPSS 0.00372
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/10 2:00 p.m. | 6 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config_file_name form field that is passed straight through to config_mod.master_slave_upload_and_restart(...) as the destination path. The validation chai...

CVSS 9.9 | AI score 5.5 | EPSS 0.00372
Exploits: 0 | References: 1

CVE
added 2026/06/10 2:00 p.m. | 10 views

CVE-2026-45556

Roxy-WI (versions <= 8.2.6.4) is affected by CVE-2026-45556. The vulnerability arises in POST /waf///rule//save: the config_file_name field is passed to config_mod.master_slave_upload_and_restart(...) as the destination path. The validation only checks that the path contains a service substrin...

CVSS 9.9 | AI score 5.5 | EPSS 0.00372
Exploits: 0 | References: 1

Cvelist
added 2026/06/10 1:55 p.m. | 31 views

CVE-2026-53476 Assisted-migration-agent: vddk tarball chained-symlink arbitrary file write

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

CVSS 9.6 | EPSS 0.00291
Exploits: 0 | References: 3

CVE
added 2026/06/10 1:55 p.m. | 8 views

CVE-2026-53476

The CVE-2026-53476 vulnerability affects the assisted-migration-agent and is triggered by an unauthenticated attacker on the same LAN who crafts a gzipped tarball to exploit a path traversal flaw, bypassing security checks and writing arbitrary files to the system. This leads to potential unautho...

CVSS 9.6 | AI score 5.9 | EPSS 0.00291
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/06/10 1:55 p.m. | 8 views

CVE-2026-53476

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

CVSS 9.6 | AI score 5.9 | EPSS 0.00291
Exploits: 0 | References: 4

CVE
added 2026/06/10 12:41 p.m. | 61 views

CVE-2026-52755

Ghidra prior to version 12.0.4 is affected by a path traversal vulnerability in the theme import functionality. An attacker can craft theme ZIP files containing traversal sequences in filenames to write outside the intended theme directory, enabling arbitrary code execution or modification of sen...

CVSS 8.4 | AI score 6 | EPSS 0.0016
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/06/10 12:39 p.m. | 3 views

CVE-2026-52752 Ghidra < 12.0.2 - Path Traversal in Extension Installer via ZIP Entry Names

Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with traversal sequences like ../ in filenames to write arbitrary files outside the intended directory, enabli...

CVSS 8.4 | AI score 5.8 | EPSS 0.0016
Exploits: 1 | References: 2

CNNVD
added 2026/06/10 12:00 a.m. | 5 views

Assisted Migration Agent Link Following Vulnerability

Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a post-installation vulnerability, which stems from an unauthenticated attacker located within the same network. This attacker...

CVSS 9.6 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/10 12:00 a.m. | 10 views

PT-2026-48557

A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the...

CVSS 7.5 | AI score 5.6 | EPSS 0.00156
Exploits: 0 | References: 3

CNNVD
added 2026/06/10 12:00 a.m. | 7 views

Dulwich Path Traversal Vulnerability

Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich from 0.10.0 to 1.2.5 contained a path traversal vulnerability. This vulnerability stemmed from the fact that the path element verifier on Windows allowed filenames that were interpreted...

CVSS 8.8 | AI score 6 | EPSS 0.00854
Exploits: 0 | References: 1

CNNVD
added 2026/06/10 12:00 a.m. | 4 views

National Security Agency Ghidra Path Traversal Vulnerability

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency (NSA). Versions of National Security Agency Ghidra prior to 12.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the extended installer’s failure to...

CVSS 8.4 | AI score 5.5 | EPSS 0.0016
Exploits: 1 | References: 1

Snyk
added 2026/06/10 12:00 a.m. | 2 views

Directory Traversal

Overview: org.springframework.integration:spring-integration-file provides Spring Integration File Support. Affected versions of this package are vulnerable to Directory Traversal via improper validation of file paths received from FTP, SFTP, or SMB servers. A malicious or compromised server can write...

CVSS 8.7 | AI score 6.2 | EPSS 0.00177
Exploits: 0 | References: 2

CNNVD
added 2026/06/10 12:00 a.m. | 7 views

National Security Agency Ghidra Path Traversal Vulnerability

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency (NSA). Versions of National Security Agency Ghidra prior to 12.0.4 contained a path traversal vulnerability. This vulnerability stemmed from the theme import feature not verifying...

CVSS 8.4 | AI score 5.5 | EPSS 0.0016
Exploits: 1 | References: 1

Cvelist
added 2026/06/09 9:21 p.m. | 31 views

CVE-2026-34657 CAI Content Credentials | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

CVSS 5.5 | EPSS 0.0017
Exploits: 0 | References: 1

CVE
added 2026/06/09 9:21 p.m. | 16 views

CVE-2026-34657

CAI Content Credentials affects [email protected], c2pa-v0.80.1 and earlier. It is an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) that could allow arbitrary file write. Exploitation requires user interaction: a victim must extract a crafted file. Impact is limited to...

CVSS 5.5 | AI score 5.6 | EPSS 0.0017
Exploits: 0 | References: 1 | Affected Software: 2

NVD
added 2026/06/09 6:16 p.m. | 11 views

CVE-2026-44275

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

CVSS 6.3 | EPSS 0.00097
Exploits: 0 | References: 1