1091 matches found
CVE-2025-24819
CVE-2025-24819 : Nokia MantaRay NM’s Software Manager is vulnerable to a Relative Path Traversal due to improper validation of input on the file system. The connected sources corroborate this description; however, no product version, affected component details, exploit information, or remediation...
PT-2026-30842
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...
PT-2026-30911
Name of the Vulnerable Software and Affected Versions coursevault-preview versions prior to 0.1.1 Description coursevault-preview is a utility for previewing course material files from a configured directory. The software contains a path traversal issue in the resolveSafe utility. The boundary...
Nokia MantaRay NM 安全漏洞
Nokia MantaRay NM is a telecommunications network management platform developed by Finnish company Nokia. Nokia MantaRay NM has a security vulnerability, which stems from relative path traversal in the Software Manager application...
GHSA-JFXC-V5G9-38XR PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator
The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the target path, malicious actions can overwrite sensitive...
CVE-2026-33949
Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...
CVE-2026-32725 SciTokens C++: Relative Path Traversal Vulnerability
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....
@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files
Summary A Path Traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server...
Directory Traversal
Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Directory Traversal due to improper validation of backslashes on...
GoDoxy has a Path Traversal Vulnerability in its File API
Summary The file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Joincommon.ConfigBasePath, filename where ConfigBasePath = "config" a relative path. No sanitization or validation is applied beyond checking that...
H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation
Summary The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...
GHSA-FP4X-GGRF-WMC6 H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation
Summary The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...
CVE-2026-29098 SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...
GHSA-2238-XC5R-V9HJ @tinacms/graphql has a Path Traversal issue
Description TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join without validating that the resolved path...
CVE-2026-24125 Path Traversal in @tinacms/graphql
Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths relativePath, newRelativePath via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...
Security update for python-lxml_html_clean (moderate)
openSUSE security update: security update for python-lxmlhtmlclean ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20345-1 Rating: moderate References: bsc1259378 bsc1259379 Cross-References: CVE-2026-28348 CVE-2026-28350 Affected Products: openSUSE...
Relative Path Traversal
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Relative Path Traversal via the editpackage function when processing the packfolder parameter. An attacker can overwrite arbitrary files on the system by...
Symlink Attack
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack exploitable via stripAbsolutePath, used by the Unpack class. An attacker can overwrite arbitrary files outside the intended extraction directory by including a hardlink whose linkpa...
PT-2026-23608
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.10 Description The node-tar package contains a flaw where it can be tricked into creating a hardlink that points outside the extraction directory. This is achieved by using a drive-relative link target, such as...
Hexpm 安全漏洞
Hexpm is a web page and interface developed by Hex. Hexpm has a security vulnerability, which stems from improper path name restrictions, potentially leading to relative path traversal...