128 matches found
CVE-2026-48126
Algernon, a small self-contained pure-Go web server, is vulnerable prior to version 1.17.8 when started with --domain (or --letsencrypt). The request handler resolves the served directory by joining the configured --dir with the client-supplied Host header using filepath.Join without validation, ...
CVE-2026-48126 Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...
PT-2026-43308
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix the d_parent walk. The WARN_ON_ONCE() check in collect_domain_accesses() can be triggered when trying to link a root mount point. This does not work in practice because this directory is already mounted, but the V...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libcap (UTSA-2026-016785)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016785 advisory. A flaw was found in libcap. A local unprivileged user can exploit a time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an...
MGASA-2026-0116 Updated opam packages fix security vulnerability
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082...
Updated opam packages fix security vulnerability
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082...
CVE-2026-31706
A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel SMB server. An authenticated client can exploit this vulnerability by manipulating the num_aces value within the parent directory's security.NTACL extended attribute. This manipulation causes ksmbd to attempt an excessivel...
libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()
A flaw was found in libcap. A local unprivileged user can exploit a time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...
CVE-2026-40254
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drive_file.c. The contains_dotdot function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing...
EUVD-2026-25381
FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drive_file.c. The contains_dotdot function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing...
SUSE CVE-2026-41082
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...
EUVD-2026-23288
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...
CVE-2026-41082
OCaml opam before 2.5.1 is affected: a .install field containing a destination filepath can traverse to a parent directory via ../, enabling potential path traversal. The issue is fixed in opam 2.5.1 (see OCaml/opam release 2.5.1). Affected component: opam’s packaging/install logic; root cause: i...
CVE-2026-41082
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...
CVE-2026-41082
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory...
PT-2026-33355
Name of the Vulnerable Software and Affected Versions: opam versions prior to 2.5.1. Description: A directory traversal issue exists where a .install field containing a destination filepath can use ../ to reach a parent directory. Recommendations: Update to version 2.5.1...
xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern
Summary: A path traversal vulnerability in XRootD allows users to escape the exported directory scope and enumerate the contents of the parent directory by appending /.. (specifically without a trailing slash) to an exported path in xrdfs ls or HTTP PROPFIND requests. This bypass ignores the all.expor...
ALPINE-CVE-2026-4878
A flaw was found in libcap. A local unprivileged user can exploit a time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...
CVE-2026-4878
A flaw was found in libcap. A local unprivileged user can exploit a time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...