463 matches found

NVD
added 2025/08/06 4:15 p.m., 3 views

CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

3.7 CVSS, 0.00152 EPSS
Exploits 0, References 2
OSV
added 2025/08/06 4:15 p.m., 4 views

CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

6.7 AI score
Exploits 0, References 2
Cvelist
added 2025/08/06 3:32 p.m., 8 views

CVE-2024-8244 Walk/WalkDir in path/filepath susceptible to symlink race

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

0.00152 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/08/06 3:32 p.m., 2 views

CVE-2024-8244 Walk/WalkDir in path/filepath susceptible to symlink race

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

6.3 AI score, 0.00152 EPSS
Exploits 0, References 2
CVE
added 2025/08/06 3:32 p.m., 30 views

CVE-2024-8244

The CVE concerns Go’s filepath.Walk and filepath.WalkDir, which are documented to not follow symbolic links and are subject to a TOCTOU race where a path segment can be replaced by a symlink during traversal. The material here does not specify affected versions, exact vulnerable components beyond...

3.7 CVSS, 6.4 AI score, 0.00152 EPSS
Exploits 0, References 2
Debian CVE
added 2025/08/06 3:32 p.m., 8 views

CVE-2024-8244

The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress...

3.7 CVSS, 5.3 AI score, 0.00152 EPSS
Exploits 0
CNNVD
added 2025/08/04 12:00 a.m., 2 views

Kingdee Cloud-Starry-Sky Enterprise Edition path traversal vulnerability

Kingdee Cloud-Starry-Sky Enterprise Edition is a digital transformation solution for growing enterprises from China's Kingdee. A path traversal vulnerability exists in Kingdee Cloud-Starry-Sky Enterprise Edition 8.2 and earlier versions, which stems from path traversal due to incorrect operation ...

6.9 CVSS, 5.4 AI score, 0.0035 EPSS
Exploits 0, References 7
NVD
added 2025/07/22 10:15 p.m., 2 views

CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

8.1 CVSS, 0.00493 EPSS
Exploits 0, References 3
OSV
added 2025/07/22 9:34 p.m., 3 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

7.5 CVSS, 8.5 AI score, 0.00493 EPSS
Exploits 0, References 5
Vulnrichment
added 2025/07/22 9:34 p.m., 2 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

7.5 CVSS, 8.3 AI score, 0.00493 EPSS
Exploits 0, References 3
Cvelist
added 2025/07/22 9:34 p.m., 7 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

7.5 CVSS, 0.00493 EPSS
Exploits 0, References 3
OSV
added 2025/06/30 6:15 p.m., 3 views

CVE-2025-6925

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath...

9.1 CVSS, 6.9 AI score
Exploits 0, References 5
CNNVD
added 2025/06/30 12:00 a.m., 2 views

RuoYi-Vue-Plus security vulnerability

RuoYi-Vue-Plus is a development framework from the Chinese organization dromara. A security vulnerability exists in RuoYi-Vue-Plus version 5.4.0, which stems from an incorrect manipulation of the parameter filePath in the file MailController.java, resulting in path traversal...

9.1 CVSS, 5.4 AI score, 0.01425 EPSS
Exploits 1, References 5
RedhatCVE
added 2025/06/23 8:41 a.m., 3 views

CVE-2025-45890

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter...

9.8 CVSS, 8.2 AI score, 0.06211 EPSS
Exploits 1, References 1
Vulnrichment
added 2025/06/20 12:00 a.m., 3 views

CVE-2025-45890

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter...

8.1 AI score, 0.06211 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/25 3:09 p.m., 9 views

CVE-2025-5114

A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath leads to...

6.5 CVSS, 7 AI score, 0.00221 EPSS
Exploits 1, References 1
CNNVD
added 2025/05/25 12:00 a.m., 2 views

H3C SecCenter SMP-E1114P02 path traversal vulnerability

H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter filePath in the file...

7.5 CVSS, 4.9 AI score, 0.00751 EPSS
Exploits 0, References 5
NVD
added 2025/05/23 3:15 p.m., 9 views

CVE-2025-5114

A vulnerability has been found in easysoft zentaopms 21.520250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. The manipulation of the argument filePath lea...

9.1 CVSS, 0.00221 EPSS
Exploits 1, References 5
RedhatCVE
added 2025/05/23 9:55 a.m., 5 views

CVE-2024-28550

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function...

4.3 CVSS, 7.4 AI score, 0.00082 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/23 9:37 a.m., 7 views

CVE-2024-24024

An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...

9.8 CVSS, 6.9 AI score, 0.00103 EPSS
Exploits 0, References 1