1092 matches found
django-s3file is vulnerable to relative path traversal
Impact S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES Depending on how files are handled, this may lead to...
CVE-2026-7404
A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function deletesharedprompt of the file src/mcposimpleserver/services/promptmanager/basemanager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate t...
PT-2026-36006
Name of the Vulnerable Software and Affected Versions getsimpletool mcpo-simple-server versions prior to 0.2.1 Description A relative path traversal issue exists in the delete shared prompt function within the src/mcpo simple server/services/prompt manager/base manager.py file. This occurs due to...
Security Bulletin: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4
Summary Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4. The libraries affected include tomcat-embed-core-9.0.108.jar Dependency packages are being used by IBM Big Replicate LiveData Migrator. This bulletin describes the upgrades necessary to address the...
Relative Path Traversal
Overview openc3 is a Python support for OpenC3 COSMOS Affected versions of this package are vulnerable to Relative Path Traversal via the ToolConfigModel tool and config name handling in the Ruby and Python models. An attacker can write or delete arbitrary files within the shared /plugins directo...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the ToolConfigModel tool and config name handling in the Ruby and Python models. An attacker can write or delete arbitrary files within the shared /plugins directory by supplying tool or config names containi...
JetBrains TeamCity Relative Path Traversal Vulnerability
JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed...
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...
CVE-2026-39814
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...
Fortinet FortiWeb 安全漏洞
Fortinet FortiWeb is a Web application layer firewall developed by the American company Fortinet. It can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, ensuring the security of web applications and protecting sensitive database content. There is...
PT-2026-32693
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...
Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and hoek. Vulnerabilities include Relative Path Traversal vulnerability in Apache Tomcat, Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat, Improper...
GHSA-9H9M-RR67-9JPG coursevault-preview has a path traversal due to improper base-directory boundary validation
Summary coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument t...
Directory Traversal
Overview coursevault-preview is a Preview course material files from a configured directory Affected versions of this package are vulnerable to Directory Traversal via improper validation in the resolveSafe utility. An attacker can access files outside the intended directory by supplying crafted...
EUVD-2025-209265
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...
CVE-2026-35613
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which...
CVE-2026-35613
coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWithbaseDir on a normalized path, which...
CVE-2025-24819
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...
CVE-2025-24819 A Relative Path Traversal vulnerability in Nokia MantaRay NM
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...