Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...

Arbitrary File Read And Write

Incus is vulnerable to arbitrary file read and write. The vulnerability is due to improper enforcement of the pongo2 chroot isolation mechanism in instance template files, which allows an attacker to bypass filesystem restrictions and perform arbitrary file read/write operations on the host syste...

Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection

A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...

GHSA-M8FG-67J7-CX4V Portainer has a path traversal in backup archive extraction that allows arbitrary file write

Summary Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructed output paths using filepath.Cleanfilepath.JoinoutputDirPath, header.Name. This combination does not...

Portainer has a path traversal in backup archive extraction that allows arbitrary file write

Summary Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructed output paths using filepath.Cleanfilepath.JoinoutputDirPath, header.Name. This combination does not...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the ExtractTarGz process. An attacker can write arbitrary files to locations outside the intended extraction directory by submitting a crafted .tar.gz archive containing directory traversal sequences. This is only...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the pgbasebackup or pgrewind process. An attacker can overwrite arbitrary files on the local system by leveraging symlink following, potentially hijacking the operating system account. This is on...

CVE-2026-42881 STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution LCE with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

CVE-2026-42881

STIGQter (open-source reimplementation of DISA STIG Viewer) prior to 1.2.7 contains a vulnerability where an attacker can achieve local code execution with the user’s privileges by persuading a user to open a crafted .stigqter file and run the Export HTML action. The CVE entry and CVE List title ...

CVE-2026-42881 STIGQter: Arbitrary File Write leading to Local Code Execution via Export HTML

STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution LCE with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run th...

Path Traversal

org.eclipse.basyx:basyx.sdk is vulnerable to Path Traversal. The vulnerability is due to inadequate path normalization of the fileName parameter in the Submodel HTTP API, which allows an attacker to write arbitrary files to the host filesystem and potentially execute malicious code...

Linux Distros Unpatched Vulnerability : CVE-2026-6959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symli...

CVE-2026-41489

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

CVE-2026-34653

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

CVE-2026-6815

An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perform a Path Traversal attack to create or overwrite arbitrary files anywhere on the host filesystem,...

CVE-2026-20916 BIG-IQ iControl REST vulnerability

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

GHSA-3636-H3VX-6465 esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...

esm.sh: Legacy Route Path Traversal Can Lead to RCE

Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server’s privileges. Exploit The legacy router...

CVE-2026-44257

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new FilebaseDir, zipEntry.getName with no canonical-path check. An entry name such as ../../../pwned.jsp escapes the intended extraction directory and lands anywhere the Tomca...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the exec2 process. An attacker can access or modify arbitrary files on the client host by exploiting symbolic link handling. Remediation Upgrade github.com/hashicorp/nomad-driver-exec2/pkg/util to version 0.1.2 or...