CVE-2026-7875 NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling
NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messagesout.id and...
WordPress plugin Easy Video Player Wordpress & WooCommerce path traversal vulnerability
WordPress Easy Video Player Wordpress&WooCommerce is a responsive video player plugin designed for WordPress and WooCommerce, supporting local video playback, cloud platform video streaming, 360 degree video and virtual reality playback. WordPress Easy Video Player Wordpress&WooCommerce suffers...
CVE-2024-38449
A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the application...
Asterisk path traversal vulnerability
Asterisk is software for PBX systems that runs on Linux and supports IP calls using the SIP, IAX, and H323 protocols. Asterisk suffers from a security vulnerability that stems from the vulnerability of remote authentication sessions, where the GetConfig AMI Action can read files outside of a directory,...
UBUNTU-CVE-2022-39347
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...
PT-2021-12074 · Unknown · Httpengine
Name of the Vulnerable Software and Affected Versions: HTTPEngine affected versions not specified Description: The issue arises from improper sanitization of user input in HTTPEngine.Handle, allowing directory traversal. This enables an attacker to read files outside the target directory, provide...
PT-2019-15300 · Ge · Relion 670 Series
Name of the Vulnerable Software and Affected Versions: Relion 670 Series versions 1p1r26 through 2.1.0.1 Relion 670 Series versions prior to 1p1r26 Description: An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series outside the intended...
rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem outside an application's root directory, when the Sprockets server is...