12 matches found
Adobe Commerce Path Traversal Vulnerability
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Adobe Commerce has a path traversal vulnerability, which stems from improper path name restrictions. This vulnerability may allow arbitrary file system reads and writes...
CVE-2026-26228
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2025-40605
CVE-2025-40605 affects SonicWall Email Security appliances and is a path traversal vulnerability that lets an attacker manipulate file system paths by inserting directory-traversal sequences (e.g., ../) to access files outside restricted paths. The advisory set confirms related fixes in SonicWall...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS version 15.2, which stems from the fact that an application may be able to read and write files outside of its sandbox...
bubblewrap and flatpak security update
An update is available for bubblewrap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Bubblewrap (/usr/bin/bwrap) is a core execution engine for unprivileged...
flatpak: Access to files outside sandbox for apps using persistent= (--persist)
A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...
go-fastdfs Code Issue Vulnerability
go-fastdfs is a simple, decentralized distributed file system for private cloud storage. It offers high performance, high reliability and maintenance-free operation, and supports intermittent uploads, chunked uploads, small file merging, auto-synchronization and auto-repair. sjqzhang go-fastdfs version...
OESA-2022-1641 perl-DBI security update
The DBI is the standard database interface module for Perl. It defines a set of methods, variables and conventions that provide a consistent database interface independent of the actual database being used. It is important to remember that the DBI is just an interface. The DBI is a layer of "glue"...
UBUNTU-CVE-2014-10401
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute...
Directory Traversal
serveryyl is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
yxxserver is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
samba: Insufficient symlink verification in smbd
An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path...