412 matches found
OESA-2026-1979 golang security update
. Security Fixes: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which...
ROS-20260417-73-0028
Vulnerability in rubygem-rack related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260417-73-0013
A vulnerability in the commonprefix function of the pip module of the Python programming language is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to add and modify arbitrary files...
PT-2026-31346
Name of the Vulnerable Software and Affected Versions Logstash affected versions not specified Description Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...
PT-2026-30763
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI is susceptible to a path traversal issue due to a flaw in the validate path function. This function first calls os.path.normpath, which collapses '..' sequences, and then checks for the...
ROS-20260331-73-0001
A vulnerability in the Wheel file manipulation command line tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...
ROS-20260319-73-0009
A vulnerability in the outfile plugin of the Fluent Bit logging tool is related to an incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to write an arbitrary file outside the target directory...
OpenClaw 后置链接漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path restriction bypass vulnerability that can be exploited by an attacker to write a file to an arbitrary location...
ROS-20260310-73-0041
Vulnerability in python-jaraco-context related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
ROS-20260310-73-0042
Vulnerability in python-setuptools related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
Advisory ROSA-SA-2026-3186
Software: vim 8.0.1763 OS: ROSA Virtualization 3.0 unaffected versions = vim-8.0.1763-21.0.1.1.rv30 affected versions vim-8.0.1763-21.0.0.1.rv30 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of t...
Advisory ROSA-SA-2026-3166
Software: vim 8.0.1763 OS: ROSA Virtualization 3.1 unaffected versions = vim-8.0.1763-21.0.1.rv31 affected versions vim-8.0.1763-21.0.1.1.rv31 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of the...
CVE-2026-24053 Cluade Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the...
GHSA-Q728-GF8J-W49R Claude Code has a Path Restriction Bypass via ZSH Clobber which Allows Arbitrary File Writes
Due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files outside the current working directory without user permission prompts. Exploiting this required the user to use ZSH and the ability to add untrusted content into a...
ROS-20260129-73-0056
Vulnerability in mariadb10.6 related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260129-73-0017
Vulnerability in rust related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260129-73-0057
Vulnerability in mariadb11.4 related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260129-73-0055
Vulnerability in mariadb related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
PT-2026-21013
Name of the Vulnerable Software and Affected Versions Loki affected versions not specified Description An issue in the log aggregation and storage system exists due to improper restriction of the directory path name. By using double encoding to bypass validation of the namespace parameter for pat...
INNORIX WP 安全漏洞
INNORIX WP is a high-capacity file transfer software from the Korean company INNORIX. A security vulnerability exists in INNORIX WP that stems from improper path restriction and lack of authorization, which could lead to path traversal...