99 matches found

RedhatCVE, added 3 days ago

CVE-2026-35525

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not...

CVSS 8.2 | AI score 5.4 | EPSS 0.00074 | Exploits: 1 | References: 1
ATTACKERKB, added 6 days ago

CVE-2026-1784

The Route OpenShift resource allows defining routes that make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document were insufficient and could allow a controlled injection of the HAProxy configuration...

CVSS 8.8 | AI score 5.8 | EPSS 0.00013 | Exploits: 0 | References: 3
Vulnrichment, added 6 days ago

CVE-2026-1784 Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

The Route OpenShift resource allows defining routes that make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document were insufficient and could allow a controlled injection of the HAProxy configuration...

CVSS 8.8 | AI score 5.8 | EPSS 0.00013 | Exploits: 0 | References: 2
EUVD, added 6 days ago

EUVD-2026-33883

The Route OpenShift resource allows defining routes that make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document were insufficient and could allow a controlled injection of the HAProxy configuration...

CVSS 8.8 | AI score 5.8 | EPSS 0.00013 | Exploits: 0 | References: 2
Snyk, added 2026/05/27 12:47 a.m.

HTTP Request Smuggling

Overview: starlette is "The little ASGI library that shines." Affected versions of this package are vulnerable to HTTP Request Smuggling via the request.url reconstruction process. An attacker can bypass path-based security checks by supplying a malformed Host header that causes request.url.path t...

CVSS 6.9 | AI score 5.5 | EPSS 0.00353 | Exploits: 2 | References: 2
OSV, added 2026/05/22 1:11 p.m.

PYSEC-2026-161 BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks

Starlette reconstructs the requested URL based on the HTTP Host request header and requested path, but does not perform any validation of the Host header value. This allows attackers to inject paths into the host part, prepending the actual path. However, routing in Starlette is based on the actu...

CVSS 6.5 | AI score 5.8 | EPSS 0.00353 | Exploits: 2 | References: 8
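The Host-header poisoning described in the two Starlette entries above (the Snyk and OSV items), shown as an added JavaScript example rather than Starlette's own Python. It is illustrative code, not from the Starlette project: `reconstructUrl`, `pathFromTrustedHost`, `resolveRequestPath` and the `allowedHosts` list are assumed names, not Starlette APIs.

```javascript
// Added example (illustrative, not Starlette's code): reconstructing a URL
// from an unvalidated Host header lets the client move text into the URL's
// path, so a check that reads the reconstructed path sees something other
// than the path the router actually dispatched.
function reconstructUrl(scheme, host, rawPath) {
  return `${scheme}://${host}${rawPath}`;
}

// Trusting variant: parse whatever the header said. Host "evil.test/admin"
// with raw path "/reports" yields the path "/admin/reports"; a Host ending in
// "?" swallows the real path into the query string instead.
function pathFromTrustedHost(host, rawPath) {
  return new URL(reconstructUrl('https', host, rawPath)).pathname;
}

// Host header syntax (RFC 3986 host, RFC 9110 Host): a reg-name or IPv4
// literal, or a bracketed IPv6 literal, then an optional ":port". Slashes,
// "@", "?", "#" and whitespace are all rejected.
const HOST_RE = /^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)(?::\d{1,5})?$/;

function isValidHost(host) {
  return typeof host === 'string' && host.length <= 253 && HOST_RE.test(host);
}

// Hardened variant: validate the syntax first, then allow-list the hostname
// (port stripped, lower-cased), and only then build a URL from it.
// allowedHosts is an assumed deployment setting, not a Starlette option.
function resolveRequestPath(host, rawPath, allowedHosts) {
  if (!isValidHost(host)) {
    return { ok: false, status: 400, reason: 'malformed Host header' };
  }
  const hostname = new URL('http://' + host).hostname.toLowerCase();
  if (!allowedHosts.map((h) => h.toLowerCase()).includes(hostname)) {
    return { ok: false, status: 400, reason: 'Host not allowed' };
  }
  return { ok: true, path: new URL(reconstructUrl('https', host, rawPath)).pathname };
}
```

Two practical notes: syntax validation alone is not enough (a well-formed but foreign Host still lets an attacker pick the origin embedded in redirects and links), which is why the allow-list step is there; and authorization decisions should be taken on the path the router matched, never on a URL reassembled from client-controlled headers.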
Tenable Nessus, added 2026/05/18 12:00 a.m.

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021488 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to RequestHandler.set_cookie were not checked for...

CVSS 7.2 | AI score 5.8 | EPSS 0.00018 | Exploits: 0 | References: 4
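The cookie attribute injection described in the Tornado entry above, as an added JavaScript example. This is illustrative code, not Tornado's: `setCookieUnchecked`, `setCookieChecked`, `parseSetCookieAttrs` and `demoInjection` are assumed names, and the attacker payload is constructed for the demonstration.

```javascript
// Added example (illustrative, not Tornado's code): what an unchecked
// domain/path/samesite argument does to a Set-Cookie line, beside a
// serializer that validates each attribute before emitting it.

// RFC 6265: a path-value is any CHAR except CTLs and ";". CR and LF are
// CTLs, so this one test also blocks header splitting through the path.
const PATH_BAD = /[\x00-\x1f\x7f;]/;
// Domain: optional leading dot, then dot-separated labels of [A-Za-z0-9-].
const DOMAIN_RE = /^\.?[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)*$/;
const TOKEN_RE = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/;   // RFC 7230 token, for the cookie name
const VALUE_BAD = /[\x00-\x20",;\\\x7f]/;           // anything outside RFC 6265 cookie-octet
const SAMESITE = new Set(['Strict', 'Lax', 'None']);

// Unchecked: every attribute is pasted straight into the header line.
function setCookieUnchecked(name, value, { domain, path, sameSite } = {}) {
  let header = `${name}=${value}`;
  if (domain !== undefined) header += `; Domain=${domain}`;
  if (path !== undefined) header += `; Path=${path}`;
  if (sameSite !== undefined) header += `; SameSite=${sameSite}`;
  return header;
}

// Checked: validate each argument, then reuse the same serializer.
function setCookieChecked(name, value, attrs = {}) {
  const { domain, path, sameSite } = attrs;
  if (!TOKEN_RE.test(name)) throw new TypeError('invalid cookie name');
  if (VALUE_BAD.test(value)) throw new TypeError('invalid cookie value');
  if (domain !== undefined && !DOMAIN_RE.test(domain)) throw new TypeError('invalid Domain');
  if (path !== undefined && PATH_BAD.test(path)) throw new TypeError('invalid Path');
  if (sameSite !== undefined && !SAMESITE.has(sameSite)) throw new TypeError('invalid SameSite');
  return setCookieUnchecked(name, value, { domain, path, sameSite });
}

// Minimal parser for the attribute part of one Set-Cookie line, to show what
// a client would see: a later attribute overrides an earlier one of the same name.
function parseSetCookieAttrs(header) {
  const attrs = {};
  for (const part of header.split(';').slice(1)) {
    const piece = part.trim();
    const eq = piece.indexOf('=');
    const key = (eq === -1 ? piece : piece.slice(0, eq)).toLowerCase();
    attrs[key] = eq === -1 ? true : piece.slice(eq + 1);
  }
  return attrs;
}

// Constructed attacker input: a "path" that closes the Path attribute and
// appends a Domain attribute of the attacker's choosing.
function demoInjection() {
  const payload = '/; Domain=attacker.test';
  const header = setCookieUnchecked('session', 'abc123', { path: payload });
  let rejected = false;
  try {
    setCookieChecked('session', 'abc123', { path: payload });
  } catch (e) {
    rejected = true;
  }
  return { header, attrs: parseSetCookieAttrs(header), rejected };
}
```

The same injection works through the samesite argument (a value such as `Lax\r\nSet-Cookie: admin=1` turns into a second header line on servers that do not reject CTLs elsewhere), which is why the checked serializer restricts SameSite to the three defined keywords rather than merely stripping semicolons.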
Veracode, added 2026/05/16 5:32 a.m.

Path Traversal

org.openmrs.web, openmrs-web is vulnerable to Path Traversal. The vulnerability is due to improper path boundary validation in the /openmrs/moduleResources/moduleid endpoint, where user-controlled input is concatenated into filesystem paths without normalization or restriction checks, which allow...

CVSS 8.2 | AI score 7.4 | EPSS 0.00095 | Exploits: 1 | References: 1 | Affected Software: 1
Veracode, added 2026/05/16 5:18 a.m.

Path Traversal

OpenClaw is vulnerable to Path Traversal. The vulnerability is due to insufficient path validation in isLikelyLocalPath and isValidMedia, where attackers can exploit incomplete checks and the allowBareFilename bypass to access files outside the intended sandbox, leading to disclosure of sensitive...

CVSS 8.7 | AI score 5.8 | EPSS 0.00027 | Exploits: 1 | References: 4 | Affected Software: 1
OSV, added 2026/05/05 1:58 a.m.

CLSA-2026-1777946314 httpd: Fix of 4 CVEs

CVE-2024-42516: fix HTTP response splitting in core via Content-Type response header (header filter rewrite) - CVE-2024-43204: prevent SSRF via mod_headers RequestHeader set/edit Content-Type modifying response headers - CVE-2024-43394: expand UNC path checking with new ap_stat_check helper Linux:...

CVSS 7.5 | AI score 6.6 | EPSS 0.00924 | Exploits: 0 | References: 1
OSV, added 2026/04/29 5:13 p.m.

CLSA-2026-1777482797 Fix CVE(s): CVE-2026-29111

SECURITY UPDATE: stack overwriting via crafted cgroup path - debian/patches/CVE-2026-29111.patch: validate the input cgroup path in method_get_unit_by_control_group with path_is_absolute and path_is_normalized checks before passing it to manager_get_unit_by_cgroup. - CVE-2026-29111...

CVSS 5.5 | AI score 5.8 | EPSS 0.00026 | Exploits: 0 | References: 1
ATTACKERKB, added 2026/04/21 8:57 p.m.

CVE-2026-40931

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but...

CVSS 8.4 | AI score 5.8 | EPSS 0.00021 | Exploits: 2 | References: 2 | Affected Software: 1
EUVD, added 2026/04/10 8:19 p.m.

EUVD-2026-21595

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization (FAA) rules and App Jail...

CVSS 6.8 | AI score 5.8 | EPSS 0.00017 | Exploits: 0 | References: 2
CNNVD, added 2026/04/08 12:00 a.m.

liquidjs security vulnerability

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.3 contained a security vulnerability that stemmed from a path-string check rather than a check of the actual resolved path, which could lead to external...

CVSS 8.2 | AI score 5.8 | EPSS 0.00074 | Exploits: 1 | References: 3
Snyk, added 2026/04/07 6:13 p.m.

Incorrect Authorization

Overview: openharness-ai is an open-source Python port of Claude Code, an AI-powered CLI coding assistant. Affected versions of this package are vulnerable to Incorrect Authorization due to inconsistent parameter handling in permission enforcement within the readfile, writefile, editfile, and...

CVSS 8.4 | AI score 5.5 | EPSS 0.00011 | Exploits: 0 | References: 2
CNNVD, added 2026/04/07 12:00 a.m.

pyLoad security vulnerability

pyLoad is an open-source download manager written in Python. pyLoad has a security vulnerability that arises because the "storage_folder" option is not included in the ADMIN_ONLY_OPTIONS set, which bypasses the existing path restrictions. This could allow users with...

CVSS 8.8 | AI score 6.3 | EPSS 0.00113 | Exploits: 2 | References: 4
CNNVD, added 2026/03/26 12:00 a.m.

H3 security vulnerability

H3 is an open-source HTTP framework. Versions of H3 prior to 2.0.2-rc.17 contained a security vulnerability that stemmed from using the startsWith method to check paths without verifying path segment boundaries. This could lead to middleware...

CVSS 5.3 | AI score 5.8 | EPSS 0.00022 | Exploits: 1 | References: 2
OSV, added 2026/03/24 6:40 p.m.

CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and x_astro_path query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

CVSS 6.5 | AI score 5.8 | EPSS 0.0005 | Exploits: 1 | References: 6
NVD, added 2026/03/20 9:16 a.m.

CVE-2026-27625

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

CVSS 8.1 | EPSS 0.00022 | Exploits: 1 | References: 2
CNNVD, added 2026/03/20 12:00 a.m.

Stirling-PDF security vulnerability

Stirling-PDF is a powerful, locally hosted, web-based PDF manipulation tool developed by Stirling Tools, open source and distributed via Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the /api/v1/convert/markdown/pdf endpoint, which could...

CVSS 8.1 | AI score 5.8 | EPSS 0.00022 | Exploits: 1 | References: 2