23 matches found
CVE-2026-45750
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...
CVE-2026-45750 Termix Vulnerable to Arbitrary Command Execution in File Manager
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...
CVE-2026-45744
Termix web-based server management platform is affected by an OS command injection in the GET /ssh/file_manager/ssh/resolvePath endpoint prior to version 2.3.2. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution....
CVE-2026-45744 Termix has an OS Command Injection in File Manager resolvePath endpoint
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...
CVE-2026-45744
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...
PT-2026-47022
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...
PT-2026-47017
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...
CVE-2026-50076
CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...
GHSA-8P4X-WR7X-3788 python-liquid: Absolute paths escape filesystem loader search path
Impact: The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal in the resolveURI function while performing directory validation when the configuration value livy.file.local-dir-whitelist is set to a non-default value. An attacker can gain unauthorized access to arbitrary...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...
CVE-2025-67366
@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...
koa-static-security (>=0.0.3 <=0.0.7) potentially affected by CVE-2018-3732 via resolve-path (=1.3.3)
resolve-path NPM version =1.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on resolve-path and may be impacted: koa-static-security >=0.0.3, <=0.0.7. Source CVEs: CVE-2018-3732. Source advisory: OSV:GHSA-62G9-6HW5-RWFP...
GHSA-62G9-6HW5-RWFP Path Traversal in resolve-path
Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for Windows-based paths. Recommendation: Update to version 1.4.0 or later...
Path Traversal in resolve-path
Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for Windows-based paths. Recommendation: Update to version 1.4.0 or later...
resolve-path path traversal vulnerability
resolve-path is a module for resolving and validating relative paths to the root path. A path traversal vulnerability exists in resolve-path versions prior to 1.4.0, which stems from the program's lack of detection of paths with special strings. An attacker can exploit this vulnerability to read...
CVE-2018-3732
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path...
CVE-2018-3732
The CVE-2018-3732 issue affects the resolve-path Node.js module prior to version 1.4.0. It suffers from a path traversal vulnerability due to insufficient validation of certain special-character paths, enabling a malicious user to read contents of files at known paths. Public reports across NVD, ...
PT-2018-16156 · Node · Resolve-Path
Name of the Vulnerable Software and Affected Versions: resolve-path versions prior to 1.4.0. Description: The issue arises from a lack of validation of paths containing certain special characters in the resolve-path node module, allowing a malicious user to read the content of any file with a know...