10 matches found
SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion
Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...
CVE-2026-44307
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. ....\ secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template, allowing reads of files outside the...
OpenClaw path traversal vulnerability
OpenClaw is an agent tool for managing session logs. OpenClaw suffers from a path traversal vulnerability. An attacker can exploit it by supplying a traversal sequence such as ... /... /etc/passwd to read and write arbitrary files outside of the agent's session directory...
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
VulnCheck KEV: CVE-2024-9047
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful...
CVE-2024-9939
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory...
CVE-2024-23607
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
PT-2024-19961 · F5 · F5Os Qkview Utility
Name of the Vulnerable Software and Affected Versions: F5OS QKView utility (affected versions not specified). Description: A directory traversal vulnerability exists in the F5OS QKView utility, allowing an authenticated attacker to read files outside the QKView directory. Note that software versions...
OESA-2022-2112 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol RDP that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are...
PT-2021-9104 · Goa · Goa
Name of the Vulnerable Software and Affected Versions: github.com/goadesign/goa versions prior to 3.0.9; versions prior to 2.0.10; versions prior to 1.4.3. Description: The issue is related to improper path sanitization, allowing remote attackers to...
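Several of these entries describe the same defect in different shapes: a base directory concatenated with an attacker-controlled name (casserver, WordPress File Upload), a traversal check that only understands the POSIX separator and so misses backslashes on Windows (Mako), and a containment check that ignores where symlinks point (Node.js permissions). The Python below is an added illustration written for this listing, not code from any of the projects above; the directory names, the PathEscape class, the helper names and the symlink fixture built under tempfile are all assumptions.

```python
import os
import ntpath
import posixpath
import tempfile


class PathEscape(ValueError):
    """Raised when a caller-supplied name would resolve outside the base directory."""


def naive_join(base_dir, user_name):
    """Vulnerable pattern: the base directory is concatenated with an
    attacker-controlled name and nothing rejects '..' components."""
    return base_dir.rstrip("/") + "/" + user_name


def posix_only_check(user_uri):
    """A traversal check that only knows '/' as a separator. Returns True when
    the URI looks safe. posixpath treats a backslash as an ordinary character,
    so '..\\..\\secret.txt' passes here even though Windows will walk it."""
    normalized = posixpath.normpath(user_uri)
    return not (normalized == ".."
                or normalized.startswith("../")
                or normalized.startswith("/"))


def windows_view(user_uri):
    """How Windows resolves the same string: ntpath folds both separators."""
    return ntpath.normpath(user_uri)


def resolve_under(base_dir, relative):
    """Hardened resolution: split on both separators, refuse '..' and NUL, then
    compare realpath() results so a symlink chain cannot escape either."""
    if "\x00" in relative:
        raise PathEscape("NUL byte in path")
    parts = [p for p in relative.replace("\\", "/").split("/") if p not in ("", ".")]
    if ".." in parts:
        raise PathEscape("'..' component in path")
    real_base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(real_base, *parts))
    # commonpath() on the two realpaths is the containment test; a plain
    # startswith() would accept /srv/tickets-evil as being inside /srv/tickets.
    if os.path.commonpath([real_base, candidate]) != real_base:
        raise PathEscape("path resolves outside base directory")
    return candidate


def is_rejected(base_dir, relative):
    """True when resolve_under() refuses the name."""
    try:
        resolve_under(base_dir, relative)
    except PathEscape:
        return True
    return False


def demo_symlink_escape():
    """Constructed fixture (assumption, not from any listed project):
    <tmp>/allowed/link is a relative symlink to ../outside. Returns the
    content naive_join lets the caller read and whether resolve_under
    rejects the same name."""
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "allowed")
        outside = os.path.join(tmp, "outside")
        os.makedirs(allowed)
        os.makedirs(outside)
        with open(os.path.join(outside, "secret.txt"), "w") as fh:
            fh.write("s3cr3t")
        os.symlink("../outside", os.path.join(allowed, "link"))
        with open(naive_join(allowed, "link/secret.txt")) as fh:
            leaked = fh.read()
        return leaked, is_rejected(allowed, "link/secret.txt")


if __name__ == "__main__":
    print(naive_join("/srv/tickets", "../../etc/passwd"))
    print(posix_only_check("..\\..\\secret.txt"), windows_view("templates/..\\..\\secret.txt"))
    print(is_rejected("/srv/tickets", "..\\..\\secret.txt"))
    print(demo_symlink_escape())
```

The realpath comparison is what makes the symlink case fail closed: the naive join happily opens allowed/link/secret.txt through the link, while resolve_under sees that the resolved target lives under outside/ and refuses it. Rejecting '..' before resolution is still worthwhile because it gives a clearer error and never touches the filesystem with a hostile string.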