1091 matches found

CVE
added 2026/04/07 3:14 p.m., 11 views

CVE-2025-24819

CVE-2025-24819: Nokia MantaRay NM’s Software Manager is vulnerable to a Relative Path Traversal due to improper validation of input on the file system. The connected sources corroborate this description; however, no product version, affected component details, exploit information, or remediation...

CVSS 5.7, AI score 5.9, EPSS 0.00211
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/04/07 12:0 a.m., 3 views

PT-2026-30842

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

AI score 5.9, EPSS 0.00211
Exploits 0, References 2
Positive Technologies
added 2026/04/07 12:0 a.m., 3 views

PT-2026-30911

Name of the Vulnerable Software and Affected Versions: coursevault-preview versions prior to 0.1.1. Description: coursevault-preview is a utility for previewing course material files from a configured directory. The software contains a path traversal issue in the resolveSafe utility. The boundary...

CVSS 5.1, AI score 5.8, EPSS 0.00141
Exploits 1, References 6
CNNVD
added 2026/04/07 12:0 a.m., 8 views

Nokia MantaRay NM Security Vulnerability

Nokia MantaRay NM is a telecommunications network management platform developed by Finnish company Nokia. Nokia MantaRay NM has a security vulnerability, which stems from relative path traversal in the Software Manager application...

CVSS 5.7, AI score 5.8, EPSS 0.00211
Exploits 0, References 1
OSV
added 2026/04/06 11:9 p.m., 17 views

GHSA-JFXC-V5G9-38XR PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator

The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the target path, malicious actions can overwrite sensitive...

CVSS 9, AI score 6.2, EPSS 0.00312
Exploits 1, References 4
RedhatCVE
added 2026/04/02 4:56 p.m., 5 views

CVE-2026-33949

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

CVSS 8.1, AI score 6, EPSS 0.00386
Exploits 0, References 1
Vulnrichment
added 2026/03/31 5:1 p.m., 1 view

CVE-2026-32725 SciTokens C++: Relative Path Traversal Vulnerability

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

CVSS 8.3, AI score 5.8, EPSS 0.00834
Exploits 1, References 2
Github Security Blog
added 2026/03/30 5:7 p.m., 21 views

@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Summary: A Path Traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server...

CVSS 8.1, AI score 6.2, EPSS 0.00386
Exploits 0, References 3, Affected Software 1
Snyk
added 2026/03/30 5:7 p.m., 1 view

Directory Traversal

Overview: @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Directory Traversal due to improper validation of backslashes on...

CVSS 8.1, AI score 6.6, EPSS 0.00386
Exploits 0, References 2
Github Security Blog
added 2026/03/24 4:35 p.m., 7 views

GoDoxy has a Path Traversal Vulnerability in its File API

Summary: The file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Join(common.ConfigBasePath, filename), where ConfigBasePath = "config" (a relative path). No sanitization or validation is applied beyond checking that...

CVSS 6.5, AI score 5.9, EPSS 0.00502
Exploits 1, References 5, Affected Software 1
Github Security Blog
added 2026/03/23 9:48 p.m., 8 views

H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary: The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...

AI score 6
Exploits 0, References 4, Affected Software 1
OSV
added 2026/03/23 9:48 p.m., 4 views

GHSA-FP4X-GGRF-WMC6 H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary: The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...

CVSS 5.4, AI score 6
Exploits 0, References 4
OSV
added 2026/03/19 10:43 p.m., 4 views

CVE-2026-29098 SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...

CVSS 4.9, AI score 5.9, EPSS 0.00329
Exploits 0, References 4
OSV
added 2026/03/12 5:50 p.m., 1 view

GHSA-2238-XC5R-V9HJ @tinacms/graphql has a Path Traversal issue

Description: TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join without validating that the resolved path...

CVSS 6.3, AI score 5.9, EPSS 0.00426
Exploits 1, References 3
OSV
added 2026/03/12 4:31 p.m., 4 views

CVE-2026-24125 Path Traversal in @tinacms/graphql

Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using...

CVSS 6.3, AI score 5.8, EPSS 0.00426
Exploits 1, References 3
OPENSUSE Linux
added 2026/03/12 12:0 a.m., 7 views

Security update for python-lxml_html_clean (moderate)

openSUSE security update: security update for python-lxml_html_clean. Announcement ID: openSUSE-SU-2026:20345-1. Rating: moderate. References: bsc1259378, bsc1259379. Cross-References: CVE-2026-28348, CVE-2026-28350. Affected Products: openSUSE...

CVSS 6.1, AI score 5.8, EPSS 0.00254
Exploits 2, References 2
Snyk
added 2026/03/07 6:45 p.m., 4 views

Relative Path Traversal

Overview: pyload-ng is the free and open-source Download Manager written in pure Python. Affected versions of this package are vulnerable to Relative Path Traversal via the editpackage function when processing the packfolder parameter. An attacker can overwrite arbitrary files on the system by...

CVSS 7.1, AI score 6, EPSS 0.00517
Exploits 1, References 2
Snyk
added 2026/03/05 12:52 a.m., 4 views

Symlink Attack

Overview: tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack exploitable via stripAbsolutePath, used by the Unpack class. An attacker can overwrite arbitrary files outside the intended extraction directory by including a hardlink whose linkpa...

CVSS 8.6, AI score 6.2, EPSS 0.00408
Exploits 2, References 3
Positive Technologies
added 2026/03/05 12:0 a.m., 10 views

PT-2026-23608

Name of the Vulnerable Software and Affected Versions: node-tar versions prior to 7.5.10. Description: The node-tar package contains a flaw where it can be tricked into creating a hardlink that points outside the extraction directory. This is achieved by using a drive-relative link target, such as...

CVSS 8.2, AI score 5.9, EPSS 0.00408
Exploits 2, References 211
CNNVD
added 2026/02/26 12:0 a.m., 9 views

Hexpm Security Vulnerability

Hexpm is a web page and interface developed by Hex. Hexpm has a security vulnerability, which stems from improper path name restrictions, potentially leading to relative path traversal...

CVSS 7.5, AI score 5.8, EPSS 0.00409
Exploits 0, References 3