Directory Traversal

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Directory Traversal via the replaceFile process. An attacker can delete arbitrary files within the same filesystem root by injecting path traversal sequences into the targetFilename parameter...

EUVD-2025-208733

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

CVE-2025-52642

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

CVE-2025-52642 HCL AION is affected by an internal filesystem paths disloser vulnerability

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

CVE-2025-52642

CVE-2025-52642 affects HCL AION (AI lifecycle management platform). The connected documents describe a root cause where internal filesystem paths are exposed through application responses or system behavior, enabling potential information disclosure about environment structure. The impact is info...

CVE-2025-52642 HCL AION is affected by an internal filesystem paths disloser vulnerability

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

CVE-2025-52642

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

CVE-2025-10461 Global file reads caused by improper URL checks in webserver

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1339)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : media: v4l2-mem2mem: add lock to protect parameter numrdyCVE-2023-53519 md: Replace snprintf with scnprintfCVE-2022-50299 mm/vmscan: don't try to...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1397)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : tcpbpf: Call skmsgfree when tcpbpfsendverdict fails to allocate psock-cork.CVE-2025-39913 md: fix rcu protection in mdwakeupthreadCVE-2025-68374...

PT-2026-25803

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1366)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : tcpbpf: Call skmsgfree when tcpbpfsendverdict fails to allocate psock-cork.CVE-2025-39913 md: fix rcu protection in mdwakeupthreadCVE-2025-68374...

PT-2026-25754

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

EUVD-2026-12173

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

CVE-2026-30914 SFTPGo has a Path Traversal and Permission Bypass via Path Normalization Discrepancy

SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...

SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy

Impact In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths to bypass folder-level permissions or escape the...

PT-2026-25354

Name of the Vulnerable Software and Affected Versions SFTPGo versions prior to 2.7.1 Description SFTPGo is an open-source, event-driven file transfer solution. A path normalization discrepancy exists between the protocol handlers and the internal Virtual Filesystem routing in versions prior to...

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

GHSA-M48G-4WR2-J2H6 TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction

Summary The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system Details When running tinacms dev, the CLI...

EUVD-2026-11615

TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction...