60 matches found
ROS-20260526-73-0017
Vulnerability in poetry related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
ROS-20260331-73-0001
A vulnerability in the Wheel file manipulation command line tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...
Advisory ROSA-SA-2026-3186
Software: vim 8.0.1763
OS: ROSA Virtualization 3.0
Unaffected versions: vim-8.0.1763-21.0.1.1.rv30
Affected versions: vim-8.0.1763-21.0.0.1.rv30
CVE-ID: CVE-2025-53905
BDU-ID: 2025-11730
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of t...
SAMSUNG DMS Security Vulnerability
SAMSUNG DMS is a data management server from Samsung South Korea. A security vulnerability exists in SAMSUNG DMS that stems from an improperly restricted path that could lead to the creation of arbitrary files...
The vulnerability of the PHP Snappy library relates to incorrect restrictions on the path to the restricted directory. This allows attackers to gain unauthorized access to local files and directories.
The vulnerability of the PHP Snappy library is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to local files and directories on the server when...
The vulnerability of the graphical SFTP and SCP client for the Windows operating system, WinSCP, arises from incorrect path name restrictions for access-controlled directories. This allows attackers to create a special file and control its path on a remote server.
The vulnerability of the graphical SFTP and SCP client programs for the Windows operating system is related to incorrect path name restrictions for access to restricted directories. Exploiting this vulnerability allows an attacker to create a special file and control its path on a remote server...
The vulnerability of the SSLVPN microprogramming system for network interfaces from SonicWall SMA 100 allows a hacker to bypass security restrictions.
The vulnerability of the SSLVPN microprogramming system for network interfaces from SonicWall SMA 100 relates to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...
The vulnerability of the getServerPayload method in the HPE StoreOnce VSA storage virtualized system allows an attacker to disclose protected information.
The vulnerability of the getServerPayload method in the HPE StoreOnce VSA storage virtualized environment is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose protected information from ...
The vulnerability of the deletePackages method in the HPE StoreOnce VSA virtual storage system allows an attacker to gain access to read and delete any files they desire.
The vulnerability of the deletePackages method in the HPE StoreOnce VSA virtual storage system is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to read and...
The vulnerability of the Enable API Endpoints configuration of the ThinServer component on the Rockwell Automation ThinManager centralized application management platform allows a malicious individual to read arbitrary files.
The vulnerability of the Enable API Endpoints configuration of the ThinServer component of Rockwell Automation’s ThinManager centralized application management platform is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a...
The vulnerability of the Apache Pinot OLAP data store, related to incorrect restrictions on the path name to the restricted catalog, allows attackers to disclose protected information.
The vulnerability of the Apache Pinot OLAP data store is related to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to expose protected information by sending a specially crafted GET request...
The vulnerability of the Ivanti Avalanche device management system, related to incorrect restrictions on the path name to the restricted access catalog, allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the Ivanti Avalanche device management system is related to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data...
The vulnerability of the QAnything AI-based question-answering system lies in the incorrect limitation of the path name to the restricted access catalog. This allows attackers to read arbitrary files or execute arbitrary code.
The vulnerability of the QAnything AI-based question-answering system is related to an incorrect restriction on the name of the path to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to read arbitrary files or execute arbitrary code remotely...
The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management system and the FortiAnalyzer event monitoring and analysis tool is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an...
The vulnerability of the Mitel MiCollab collaboration platform, related to an incorrect restriction on the path name to the restricted access catalog, allows a hacker to read arbitrary files.
The vulnerability of the Mitel MiCollab collaboration platform lies in an incorrect restriction on the path name used to access the restricted catalog. Exploiting this vulnerability could allow an attacker to read arbitrary files...
The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) lies in the incorrect path limitation for the restricted access directory. This allows a malicious actor to perform denial-of-service attacks, or to read from or write to a limited number of files.
The vulnerability of the Fortinet FortiClient Enterprise Management Server EMS server relates to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to perform maintenance actions, read from or write to a limited number of...
The vulnerability of the res.download() function in the template.js script (located at backend/src/routes/template.js), a documentation generation tool from PwnDoc, allows a hacker to read arbitrary files.
The vulnerability of the res.download function in the template.js script located at backend/src/routes/template.js, a tool for automating report document formatting by PwnDoc, is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow...
The vulnerability of the CLI command-line interface of the GitHub collaborative development platform involves an incorrect restriction on the path name to the restricted directory. This allows a malicious user to gain read, modify, or delete access to files.
The vulnerability of the CLI command-line interface of the GitHub collaborative development platform relates to incorrect path name restrictions for restricted directories when processing the artifact name and the --dir flag. Exploiting this vulnerability may allow a malicious actor to gain read,...
PT-2024-41081 · Spring · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework, affected versions not specified
Description: The issue is related to the org.springframework.web.multipart package of the Spring Web module in the Spring Framework, which is associated with incorrect restriction of the path...
The vulnerability of the SaveRestoreConnector function in NVIDIA NeMo’s comprehensive platform for training and applying neural networks in speech processing and natural language processing allows a hacker to execute arbitrary code.
The vulnerability of the SaveRestoreConnector function in NVIDIA NeMo’s comprehensive platform for training and applying neural networks in speech processing and natural language processing is related to an incorrect restriction on the path name to the restricted-access catalog. Exploiting this...