GHSA-897W-FCG9-F6XJ Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...

Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows

Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accepted tree entries whose filenames contained bytes that Windows interprets as structural path syntax: - \ — the Windows path...

CVE-2026-44885 Portainer: Path traversal in backup archive extraction allows arbitrary file write

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

Directory Traversal

Overview shamefile is an A cli tool to enforce documentation for code suppressions Affected versions of this package are vulnerable to Directory Traversal via the shame next process when processing a user-controlled shamefile.yaml. An attacker can disclose the contents of files outside the intend...

GHSA-4Q5V-7G7X-J79W compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja --- Detailed Description: The -o/--output argument in trestle author jinja allows writing files outside the intended workspace. The application does not properly validate: ../ ..\ absolute paths This allows...

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja --- Detailed Description: The -o/--output argument in trestle author jinja allows writing files outside the intended workspace. The application does not properly validate: ../ ..\ absolute paths This allows...

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

ibmasm: fix OOB reads in command_file_write due to missing size checks

...

Directory Traversal

Overview org.jenkins-ci.plugins:credentials-binding is a plugin that allows credentials to be bound to environment variables for use from miscellaneous build steps. Affected versions of this package are vulnerable to Directory Traversal due to improper sanitization of file names for file and zip...

CVE-2026-32997

CVE-2026-32997 affects the Linux-based Veeam Software Appliance used by Veeam Backup & Replication. An authenticated user with the Backup Administrator role can write arbitrary files on the affected server. The issue is documented as high severity (CVSS 4.0 base 8.6) with network attack vector bu...

CVE-2026-32997

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server...

CVE-2026-32997

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server...

CVE-2026-32997

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server...

EUVD-2026-32713

A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server...

PT-2026-44724

Name of the Vulnerable Software and Affected Versions python311-dulwich versions prior to 1.2.5-1.1 Description Security issues were identified in the python311-dulwich package. Recommendations Update to version 1.2.5-1.1...

PT-2026-44730

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja --- Detailed Description: The -o/--output argument in trestle author jinja allows writing files outside the intended workspace. The application does not properly validate: ../ .. absolute paths This allows...

Veeam Backup And Replication 安全漏洞

Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. There is a security vulnerability in Veeam Backup and Replication, which may allow authenticated users with the role of backup administrators to write arbitrary files on Linux-based servers...

PT-2026-44175

Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication affected versions not specified Description An authenticated user with the Backup Administrator role can write arbitrary files on Linux-based servers. This issue allows users with specific administrative privileges t...

Directory Traversal

Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Directory Traversal through remote cache fetching. An attacker can write arbitrary files to locations outside the intended cache...

GHSA-G3VG-VX23-3858 compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...