129 matches found
PT-2026-47627
Name of the Vulnerable Software and Affected Versions FileBrowser Quantum versions prior to 1.3.3-stable FileBrowser Quantum versions prior to 1.4.2-beta Description Path Traversal is possible through the publicPatchHandler function in backend/http/public.go. The issue occurs because the software...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to locations outside the intended extraction root by crafting a layer with a symlink pointing to an absolut...
CVE-2026-44220
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...
CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...
CVE-2026-42549
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...
CVE-2026-44220 ciguard: discover_pipeline_files follows symlinks out of scan root
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...
CVE-2026-44220
ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...
CVE-2026-44220
ciguard (static security auditor for CI/CD) has a symlink-following flaw in discover_pipeline_files() (src/ciguard/discovery.py) that can cause discovery to traverse into symlink targets outside the requested root. Documented in CVE-2026-44220 and GHSA advisories, the vulnerability affects versio...
golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...
CVE-2026-42275
The CVE-2026-42275 issue affects zrok’s WebDAV drive backend (davServer.Dir) where symbolic links inside the shared DriveRoot are not prevented from pointing outside the root. This allows remote WebDAV clients to read files and, on shares with lax OS permissions, overwrite files anywhere on the h...
CVE-2026-41589
Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...
CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write
Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...
EUVD-2026-28370
Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...
CVE-2026-41589
CVE-2026-41589 concerns the SCP path traversal in charm.land/wish/v2, affecting Wish SSH server middleware. From version 2.0.0 up to 2.0.1 (before patch), the SCP file system handler can be tricked by crafted filenames containing ../ sequences, allowing a malicious SCP client to read arbitrary se...
Symlink Attack
Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Symlink Attack via the isPathAllowed path check in lib/resolver-compat.js. An attacker can execute code outside the configured...
Symlink Attack
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Symlink Attack via the isPathAllowed path check in lib/resolver-compat.js. An attacker can execute code outside the configured require.root by placin...
Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root
Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...
Duplicate Advisory: OpenClaw: OpenShell FS bridge reads pin and verify the opened file before returning bytes
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h3g-6xhh-rg6p. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that...
CVE-2026-44113 OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge
OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to the getospath check in fileio.py in the file manager component. An attacker can read, write, and delete files outside the configured root directory by supplying a path whose resolved absolute path shares a...