44435 matches found
EUVD-2026-33932
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
CVE-2026-10621 CVE-2026-10621
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
CVE-2026-32685 Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write
Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...
CVE-2026-32685
CVE-2026-32685 describes a path traversal in Gleam’s docs build process. The vulnerability arises from unvalidated handling of documentation.pages paths and sources in gleam.toml, enabling an attacker to read arbitrary local files and to write generated documentation outside the intended output d...
CVE-2025-66592
An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of file paths in getospath function within jupyterserver/services/contents/fileio.py. An attacker can gain unauthorized read and write access to files outside the intended directory by...
OPENSUSE-SU-2026:20887-1 Security update for python-PyMuPDF
This update for python-PyMuPDF fixes the following issues: Changes in python-PyMuPDF: - CVE-2026-3029: Fixed path traversal and arbitrary file write via the embeddedget function in main.py bsc1259921...
PT-2026-45881
Name of the Vulnerable Software and Affected Versions alf.io versions prior to 2.0-M5-2606 Description The extension sandbox injects a fully-functional HTTP client simpleHttpClient into every extension script's scope. The postFileAndSaveResponse method accepts an arbitrary filesystem path via the...
PT-2026-45745
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
Alf.io 安全漏洞
Alf.io is a free and open-source event attendance management system developed by Alf.io. Versions of Alf.io prior to 2.0-M5-2606 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP Client’s postFileAndSaveResponse method, which allowed arbitrary file system paths witho...
PT-2026-45750
Name of the Vulnerable Software and Affected Versions Gleam versions 1.16.0 through 1.17.0 Description A path traversal issue exists in the handling of custom documentation pages. The documentation.pages entries within the gleam.toml file are incorporated into filesystem paths without sufficient...
gleam 安全漏洞
Gleam is an open-source, type-safe, extensible system construction language developed by Gleam. There are security vulnerabilities in the Gleam version 1.16.0 to 1.17.0. These vulnerabilities stem from insufficient validation of path handling for custom document pages, which may allow arbitrary...
Collibra Agent 安全漏洞
Collibra Agent is an enterprise-level data governance and data quality enforcement component developed by Collibra Corporation. There is a security vulnerability in Collibra Agent, which stems from a path traversal issue within the recovery processor. This vulnerability could allow attackers to...
CVE-2026-43624
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...
CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()
F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...
CVE-2026-43624
F5-TTS up to v1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized project names to os.path.join() without validating the resulting path. An attacker can supply absolute paths (e.g., /t...
CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...
CVE-2026-42679 WordPress Classified Listing plugin <= 5.3.8 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Mamunur Rashid Classified Listing allows Path Traversal. This issue affects Classified Listing: from n/a through 5.3.8...
CVE-2026-42679
CVE-2026-42679 affects the WordPress plugin Classified Listing (versions
USN-8359-1 nncp vulnerability
It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...