Lucene search
K

412 matches found

OSV
OSV
added 2026/04/17 1:3 p.m.16 views

OESA-2026-1979 golang security update

. Security Fixes: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References4
Redos
Redos
added 2026/04/17 12:0 a.m.8 views

ROS-20260417-73-0028

Vulnerability in rubygem-rack related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7.5CVSS6.7AI score0.00665EPSS
Exploits1
Redos
Redos
added 2026/04/17 12:0 a.m.33 views

ROS-20260417-73-0013

A vulnerability in the commonprefix function of the pip module of the Python programming language is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to add and modify arbitrary files...

2CVSS5.9AI score0.0039EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31346

Name of the Vulnerable Software and Affected Versions Logstash affected versions not specified Description Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...

8.1CVSS6.5AI score0.00545EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.3 views

PT-2026-30763

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI is susceptible to a path traversal issue due to a flaw in the validate path function. This function first calls os.path.normpath, which collapses '..' sequences, and then checks for the...

9.2CVSS5.9AI score0.00416EPSS
Exploits1References12
Redos
Redos
added 2026/03/31 12:0 a.m.9 views

ROS-20260331-73-0001

A vulnerability in the Wheel file manipulation command line tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...

7.1CVSS7AI score0.00311EPSS
Exploits2
Redos
Redos
added 2026/03/19 12:0 a.m.7 views

ROS-20260319-73-0009

A vulnerability in the outfile plugin of the Fluent Bit logging tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to write an arbitrary file outside the target directory...

5.3CVSS5.9AI score0.00651EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

OpenClaw 后置链接漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path restriction bypass vulnerability that can be exploited by an attacker to write a file to an arbitrary location...

5.3CVSS5.9AI score0.0013EPSS
Exploits0References3
Redos
Redos
added 2026/03/10 12:0 a.m.9 views

ROS-20260310-73-0041

Vulnerability in python-jaraco-context related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

8.6CVSS5.8AI score0.00527EPSS
Exploits1
Redos
Redos
added 2026/03/10 12:0 a.m.7 views

ROS-20260310-73-0042

Vulnerability in python-setuptools related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

8.6CVSS5.8AI score0.00527EPSS
Exploits1
Rosalinux
Rosalinux
added 2026/02/16 10:56 a.m.12 views

Advisory ROSA-SA-2026-3186

Software: vim 8.0.1763 OS: ROSA Virtualization 3.0 unaffected versions = vim-8.0.1763-21.0.1.1.rv30 affected versions vim-8.0.1763-21.0.0.1.rv30 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of t...

4.1CVSS6.3AI score0.00731EPSS
Exploits2
Rosalinux
Rosalinux
added 2026/02/16 7:27 a.m.8 views

Advisory ROSA-SA-2026-3166

Software: vim 8.0.1763 OS: ROSA Virtualization 3.1 unaffected versions = vim-8.0.1763-21.0.1.rv31 affected versions vim-8.0.1763-21.0.1.1.rv31 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of the...

4.1CVSS6.6AI score0.00731EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/02/03 8:49 p.m.2 views

CVE-2026-24053 Cluade Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...

7.7CVSS5.4AI score0.00464EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 7:32 p.m.4 views

GHSA-Q728-GF8J-W49R Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes

Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...

7.7CVSS5.5AI score0.00464EPSS
Exploits0References3
Redos
Redos
added 2026/01/29 12:0 a.m.6 views

ROS-20260129-73-0056

Vulnerability in mariadb10.6 related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7CVSS5.9AI score0.00414EPSS
Exploits0
Redos
Redos
added 2026/01/29 12:0 a.m.7 views

ROS-20260129-73-0017

Vulnerability in rust related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

6.3CVSS5.9AI score0.00482EPSS
Exploits0
Redos
Redos
added 2026/01/29 12:0 a.m.8 views

ROS-20260129-73-0057

Vulnerability in mariadb11.4 related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7CVSS5.9AI score0.00414EPSS
Exploits0
Redos
Redos
added 2026/01/29 12:0 a.m.6 views

ROS-20260129-73-0055

Vulnerability in mariadb related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7CVSS5.9AI score0.00414EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.8 views

PT-2026-21013

Name of the Vulnerable Software and Affected Versions Loki affected versions not specified Description An issue in the log aggregation and storage system exists due to improper restriction of the directory path name. By using double encoding to bypass validation of the namespace parameter for pat...

8.2CVSS5.3AI score0.00409EPSS
Exploits0References93
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.5 views

INNORIX WP 安全漏洞

INNORIX WP is a high-capacity file transfer software from the Korean company INNORIX. A security vulnerability exists in INNORIX WP that stems from improper path restriction and lack of authorization, which could lead to path traversal...

6.9CVSS5.8AI score0.00139EPSS
Exploits0References2
Rows per page
Query Builder