
1092 matches found

Github Security Blog
added 2026/05/05 8:5 p.m. | 11 views

django-s3file is vulnerable to relative path traversal

Impact: S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES. Depending on how files are handled, this may lead to...

CVSS: 9.9 | AI score: 5.8 | EPSS: 0.00564
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/04/29 8:15 p.m. | 5 views

CVE-2026-7404

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.00512
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/04/29 12:0 a.m. | 9 views

PT-2026-36006

Name of the Vulnerable Software and Affected Versions: getsimpletool mcpo-simple-server versions prior to 0.2.1. Description: A relative path traversal issue exists in the delete shared prompt function within the src/mcpo simple server/services/prompt manager/base manager.py file. This occurs due to...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00512
Exploits: 0 | References: 7
IBM Security Bulletins
added 2026/04/23 12:28 p.m. | 9 views

Security Bulletin: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4

Summary: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4. The libraries affected include tomcat-embed-core-9.0.108.jar. Dependency packages are being used by IBM Big Replicate LiveData Migrator. This bulletin describes the upgrades necessary to address the...

CVSS: 9.6 | AI score: 7.2 | EPSS: 0.66535
Exploits: 4 | Affected Software: 1
Snyk
added 2026/04/22 10:22 p.m. | 7 views

Relative Path Traversal

Overview: openc3 is a Python support for OpenC3 COSMOS. Affected versions of this package are vulnerable to Relative Path Traversal via the ToolConfigModel tool and config name handling in the Ruby and Python models. An attacker can write or delete arbitrary files within the shared /plugins directo...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00313
Exploits: 1 | References: 2
Snyk
added 2026/04/22 10:22 p.m. | 6 views

Relative Path Traversal

Overview: Affected versions of this package are vulnerable to Relative Path Traversal via the ToolConfigModel tool and config name handling in the Ruby and Python models. An attacker can write or delete arbitrary files within the shared /plugins directory by supplying tool or config names containi...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00313
Exploits: 1 | References: 2
CISA KEV Catalog
added 2026/04/20 12:0 a.m. | 7 views

JetBrains TeamCity Relative Path Traversal Vulnerability

JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.99991
In wild | Exploits: 12
NVD
added 2026/04/14 4:16 p.m. | 11 views

CVE-2026-39814

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...

CVSS: 6.7 | EPSS: 0.00139
Exploits: 0 | References: 1
Cvelist
added 2026/04/14 3:38 p.m. | 29 views

CVE-2026-39814

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...

CVSS: 6.7 | EPSS: 0.00139
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/14 3:38 p.m. | 3 views

CVE-2026-39814

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...

CVSS: 6.7 | AI score: 6 | EPSS: 0.00139
Exploits: 0 | References: 1
CNNVD
added 2026/04/14 12:0 a.m. | 10 views

Fortinet FortiWeb Security Vulnerability

Fortinet FortiWeb is a Web application layer firewall developed by the American company Fortinet. It can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, ensuring the security of web applications and protecting sensitive database content. There is...

CVSS: 6.7 | AI score: 6 | EPSS: 0.00139
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/14 12:0 a.m. | 6 views

PT-2026-32693

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...

CVSS: 6.7 | AI score: 6 | EPSS: 0.00139
Exploits: 0 | References: 3
IBM Security Bulletins
added 2026/04/10 2:40 p.m. | 5 views

Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and hoek. Vulnerabilities include Relative Path Traversal vulnerability in Apache Tomcat, Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat, Improper...

CVSS: 9.6 | AI score: 7.1 | EPSS: 0.66535
Exploits: 4 | Affected Software: 1
OSV
added 2026/04/08 12:6 a.m. | 4 views

GHSA-9H9M-RR67-9JPG coursevault-preview has a path traversal due to improper base-directory boundary validation

Summary: coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWith(baseDir) on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument t...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00141
Exploits: 1 | References: 3
Snyk
added 2026/04/08 12:6 a.m. | 4 views

Directory Traversal

Overview: coursevault-preview is a Preview course material files from a configured directory. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the resolveSafe utility. An attacker can access files outside the intended directory by supplying crafted...

CVSS: 5.9 | AI score: 6.3 | EPSS: 0.00141
Exploits: 1 | References: 2
EUVD
added 2026/04/07 6:31 p.m. | 2 views

EUVD-2025-209265

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

CVSS: 5.7 | AI score: 5.9 | EPSS: 0.00211
Exploits: 0 | References: 2
NVD
added 2026/04/07 5:16 p.m. | 4 views

CVE-2026-35613

coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWith(baseDir) on a normalized path, which...

CVSS: 5.1 | EPSS: 0.00141
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/07 4:39 p.m. | 3 views

CVE-2026-35613

coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWith(baseDir) on a normalized path, which...

CVSS: 5.1 | AI score: 5.8 | EPSS: 0.00141
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/04/07 3:14 p.m. | 4 views

CVE-2025-24819

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

AI score: 5.9 | EPSS: 0.00211
Exploits: 0 | References: 2
Cvelist
added 2026/04/07 3:14 p.m. | 19 views

CVE-2025-24819 A Relative Path Traversal vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

EPSS: 0.00211
Exploits: 0 | References: 1