1271 matches found
Exploit for CVE-2025-52913
CVE-2025-52913 - MiCollab Path Normalization Vulnerability...
CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
pf4j is vulnerable to Path Traversal or Zip Slip attack through improper handling of zip entry names
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
CVE-2025-70952
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
DEBIAN-CVE-2025-70952
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
UBUNTU-CVE-2025-70952
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
...
SUSE CVE-2026-30914
SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handlers and the internal Virtual Filesystem routing can lead to an authorization bypass. An authenticated attacker can craft specific file paths...
CVE-2025-70952
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
PT-2026-28084
pf4j before 20c2f80 has a path traversal vulnerability in the extract function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation...
CVE-2025-70952
Pf4J prior to version 20c2f80 contains a path traversal (Zip Slip) vulnerability in Unzip.java::extract(), caused by improper zip entry name handling and insufficient path normalization/validation. This allows directory traversal during extraction. The fixed state is addressed in the referenced c...
OpenClaw Authentication Bypass Vulnerability (CNVD-2026-14839)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability caused by a /api/channels route classification flaw due to a mismatch in the depth of normalization between authentication path classification and route path...
OpenClaw Authentication Bypass Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw there is an authentication bypass vulnerability , the vulnerability stems from the gateway authentication there is a path normalization mismatch problem , an attacker can use the vulnerability to bypass...
Ory Oathkeeper has a path traversal authorization bypass
Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences e.g. /public/../admin/secrets that resolves to a protected path after normalization, but is matched against a permissive rule because the ra...
GHSA-P224-6X5R-FJPM Ory Oathkeeper has a path traversal authorization bypass
Description Ory Oathkeeper is vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences e.g. /public/../admin/secrets that resolves to a protected path after normalization, but is matched against a permissive rule because the ra...
PT-2026-26778
Name of the Vulnerable Software and Affected Versions Ory Oathkeeper affected versions not specified Description Ory Oathkeeper is susceptible to an authorization bypass due to a path traversal issue. An attacker can potentially bypass security checks by crafting URLs with path traversal sequence...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw there is an authentication bypass vulnerability , the vulnerability stems from the gateway authentication there is a path normalization mismatch problem , an attacker can use the vulnerability to bypass...
GO-2026-4699 SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo
SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy in github.com/drakkan/sftpgo...
BIT-PYTHON-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...
BIT-PYTHON-MIN-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...