CVE-2026-39973 Apktool: Path Traversal to Arbitrary File Write

Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a...

CVE-2026-39973

CVE-2026-39973 affects Apktool up to version 3.0.1, where a path traversal flaw in BrutIO/ResFileDecoder.java allows a crafted APK to write arbitrary files to the host filesystem during decoding. The issue arises from removal of the path-sanitizing call (BrutIO.sanitizePath()) in the decoding pat...

CVE-2026-39861

CVE-2026-39861 affects Claude Code prior to version 2.1.64. The sandbox could be escaped by following symlinks outside the workspace when a path under a symlink was written to, allowing an unsandboxed process to reach arbitrary locations. This could enable code execution outside the sandbox under...

CVE-2026-39861 Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the...

CVE-2026-39377

The CVE-2026-39377 entry concerns nbconvert (Jupyter nbconvert). The vulnerability occurs in the ExtractAttachmentsPreprocessor for Jinja-templated notebook conversions, where attachment filenames are passed directly to the filesystem without sanitization. Affected versions are 6.5 through 7.17.0...

CVE-2026-39377 nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

CVE-2026-39377 nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The...

Apktool 路径遍历漏洞

Apktool is a reverse-engineering tool for Android APK files developed by Connor Tumbleson. Versions 3.0.0 and 3.0.1 of Apktool contain a path traversal vulnerability. This vulnerability stems from a path traversal issue in the brut/androlib/res/decoder/ResFileDecoder.java file. It could allow a...

PT-2026-33878

Name of the Vulnerable Software and Affected Versions nbconvert versions 6.5 through 7.17.0 Description The nbconvert tool converts Jupyter notebooks to various formats using Jinja templates. A path traversal issue exists where the ExtractAttachmentsPreprocessor function passes attachment filenam...

Lego 安全漏洞

Lego is an open-source library written in Go by go-acme. Versions of Lego before 4.34.0 have security vulnerabilities; these vulnerabilities stem from path traversal in the webroot HTTP-01 challenge provider, which could lead to arbitrary file writing and deletion...

PT-2026-33997

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

Seeyon OA A8 代码问题漏洞

Seeyon OA A8 is a collaborative office management system developed by the Chinese company Seeyon. There is a code vulnerability in Seeyon OA A8. This vulnerability stems from an unauthenticated file writing operation at the /seeyon/htmlofficeservlet endpoint. This could allow a remote attacker to...

PT-2026-34063

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $ POST'flag' into the path at line 30 without any sanitization. The $ POST'code' parameter is then written verbatim to that path via...

PT-2026-34226

Name of the Vulnerable Software and Affected Versions F Prime versions prior to 4.2.0 Description An integer overflow occurs during a bounds check where the addition of byteOffset and dataSize wraps around on overflow. This allows a specially crafted DataPacket to bypass the check, enabling a fil...

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013009)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013009 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in markinodedirty An use-after-free issue occurred when...

Directory Traversal

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

CVE-2026-41245

Junrar is an open source java RAR archive library. Prior to version 7.5.10, a path traversal vulnerability in LocalFolderExtractor allows an attacker to write arbitrary files with attacker-controlled content into sibling directories when a crafted RAR archive is extracted. Version 7.5.10 fixes th...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0144-1 Rating: important References: 1261157 1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Backports SLE-15-SP6 An update that solves one vulnerability and has one errata is now...

CVE-2026-40491

gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...