406 matches found
CVE-2025-40549
SolarWinds Serv-U is affected by a Path Restriction Bypass vulnerability (CVE-2025-40549). Reports in multiple sources indicate that an attacker with administrative privileges could bypass directory restrictions and execute code on a directory, effectively enabling remote code execution. The issu...
ROS-20251113-08
A vulnerability in the Docker Compose multi-container application management tool is related to improper limitation of a pathname to a restricted directory. Exploitation of the vulnerability could allow a remote attacker to overwrite an arbitrary file...
ROS-20251020-01
A vulnerability in Terraform, the open-source external resource management software, is related to improper limitation of a pathname to a restricted directory. Exploitation of the vulnerability could allow an attacker to download arbitrary files...
EUVD-2020-24508
Malware in sbrugna...
EUVD-2011-1584
Malware in sbrugna...
EUVD-2013-3361
Malware in sbrugna...
EUVD-2022-1574
Malicious code in bioql PyPI...
EUVD-2022-2796
Malicious code in bioql PyPI...
ROS-20250925-03
A vulnerability in the TarFile.extractall and TarFile.extract functions of the tarfile module of CPython, the Python programming language interpreter, is related to improper limitation of a pathname to a restricted directory. Python programming language interpreter CPython functions...
ROS-20250925-04
A vulnerability in the TarFile.extractall and TarFile.extract functions of the tarfile module of CPython, the Python programming language interpreter, is related to improper limitation of a pathname to a restricted directory. Python programming language interpreter CPython functions...
ROS-20250925-01
A vulnerability in the TarFile.extractall and TarFile.extract functions of the tarfile module of CPython, the Python programming language interpreter, is related to improper limitation of a pathname to a restricted directory. Python programming language interpreter CPython functions...
PT-2025-34784 · Google +1 · Android Debug Bridge +1
Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9260 RSU LEO versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28. Description: The Kapsch TrafficCom RIS-9260 RSU LEO software has the Android Debug Bridge (ADB) pre-installed and enabled by default. This allows...
A vulnerability in the Tidal component of the Alpine iLX-507 audio system allows an attacker to execute arbitrary code.
The vulnerability in the Tidal component of the Alpine iLX-507 audio system is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2025-54794 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw that uses prefix matching instead of canonical path comparison makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability t...
CVE-2025-54794
CVE-2025-54794 – Claude Code path validation bypass: Claude Code versions older than 0.2.111 expose a directory-restriction bypass due to a path validation flaw that uses prefix matching instead of canonical path comparison. Exploitation requires either a pre-existing or creatable directory shar...
Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
Due to a path validation flaw using prefix matching instead of canonical path comparison, it was possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability to create a directory with the same prefix as the CWD and the...
GHSA-PMW4-PWVC-3HX2 Claude Code Research Preview has a Path Restriction Bypass which could allow unauthorized file access
Due to a path validation flaw using prefix matching instead of canonical path comparison, it was possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the presence of or ability to create a directory with the same prefix as the CWD and the...
A vulnerability in the file server, related to improper limitation of a pathname to a restricted directory, allows an attacker to bypass security restrictions.
The vulnerability in server-filesystem is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
SAMSUNG DMS security vulnerability
SAMSUNG DMS is a data management server from Samsung of South Korea. A security vulnerability exists in SAMSUNG DMS that stems from an improperly restricted path and could lead to the creation of arbitrary files...