988 matches found
CVE-2026-40005
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...
CVE-2026-40005
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...
CVE-2026-59820
A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. An authenticated user, with specific API route access, could upload a specially crafted skill archive. This archive, containing path traversal entries, would allow files to be written outside of the designated extracti...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the path key in blobs.yaml. An attacker can write arbitrary files and exfiltrate sensitive information by supplying crafted input that causes traversal outside the intended directory. Details A Directory Traversa...
CVE-2026-47826 - blobs.yaml Path Traversal Allows File Writes | Cloud Foundry
HIGH CVSSv4: High 8.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSSv3: High 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor CloudFoundry Foundation Versions Affected Severity is HIGH unless otherwise noted. BOSH CLI tool – All versions prior to v7.10.4 Description T...
Updated yt-dlp packages fix security vulnerabilities
CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...
CVE-2026-55700
A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...
CVE-2026-8387
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
EUVD-2026-40957
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
Linux Distros Unpatched Vulnerability : CVE-2026-56377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attacke...
PT-2026-54931
Name of the Vulnerable Software and Affected Versions allegroai/clearml versions prior to 2.1.6 Description Relative path traversal occurs during the extraction of .zip archives via the ZipFile.extractall method within the StorageManager. extract to cache function. This is caused by a lack of pat...
PYSEC-2026-411 Mesop has a Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion
Summary A Path Traversal vulnerability allows any user or attacker supplying an untrusted statetoken through the UI stream payload to arbitrarily target files on the disk under the standard file-based runtime backend. This can result in application denial of service via crash loops when reading...
PYSEC-2026-323 DB-GPT Absolute Path Traversal vulnerability
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...
CVE-2026-57966 Spice-vdagent: path traversal in file transfer via unsanitized filename
A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...
CVE-2026-57966
Summary (CVE-2026-57966): A path traversal flaw in spice-vdagent allows a malicious/untrusted SPICE host to write arbitrary files on the guest filesystem via an unsanitized filename during file transfers. The vulnerability enables writes with the spice-vdagent process privileges (usually the logg...
Directory Traversal
Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Directory Traversal via the configDependencies process. An attacker can create symlinks outside the intended directory by supplying crafted package names with traversal components in...
CVE-2026-29509 Patool < 4.0.5 Path Traversal via safe_extract() Function
Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...