PT-2026-44160

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

PT-2026-44005

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled...

PT-2026-43632

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...

SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2026:2029-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2029-1 advisory. This update for vim fixes the following issue: Security fixes: - CVE-2026-39881: command injection in NetBeans interfac...

PT-2026-43681

Name of the Vulnerable Software and Affected Versions Tassos Framework versions prior to 6.1.0 Description A flaw in the Tassos Framework Plugin enables users to perform arbitrary file deletion on affected sites. Arbitrary file deletion is a condition where an attacker can delete any file on the...

Jenkins plugins Multiple Vulnerabilities (2026-05-27)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross- site scripting XSS vulnerability...

Jenkins Credentials Binding Plugin 安全漏洞

The Jenkins Credentials Binding Plugin is an open-source plugin developed by Jenkins that binds secure credentials stored in Jenkins to environment variables during build processes. The Jenkins Credentials Binding Plugin versions 720.v3f6decef43ea and earlier contain security vulnerabilities. The...

CentOS 9 : vim-8.2.2637-29.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the vim-8.2.2637-29.el9 build changelog. - Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Note that Nessus has not tested for this issue but has inste...

Casdoor 3.54.1 - Arbitrary File Write via Path Traversal

Exploit Title: Casdoor 3.54.1 - Arbitrary File Write via Path Traversal Date: 2026-05-11 Exploit Author: sixpain Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor Version: 3.54.1 Tested on: Linux / Docker CVE : CVE-2026-6815 """ Casdoor Arbitrary File Write /...

CVE-2026-44788

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

CVE-2026-44788 SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

EUVD-2026-32013

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

WordPress Xpro Elementor Addons - Pro plugin <= 1.4.7 - Pro <= 1.4.7 - Authenticated (Contributor+) Arbitrary File Read vulnerability

WordPress Xpro Elementor Addons - Pro plugin = 1.4.7 - Pro = 1.4.7 - Authenticated Contributor+ Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Xpro Elementor Addons - Pro versions = 1.4.7...

GHSA-VGWR-23FQ-PR7G XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Impact A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Impact A potential path traversal vulnerability allow an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary files. While the consequences could be severe like overriding configuration files and setting the superadmin password, the attack first requir...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uploadedFileSaveIn function, which uses filepath.Join with user-supplied directory input but does not validate the resulting path boundaries. An attacker can write files outside the intended web root by...

USN-8307-1 onnx vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

CVE-2026-48126

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...

CVE-2026-41917

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...