
65 matches found

Vulnrichment
added 2026/05/12 12:29 p.m., 7 views

CVE-2026-6865 Improper Limitation of a Pathname to a Restricted Directory Vulnerability on Multiple Products

CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...

CVSS 7.1, AI score 5.8, EPSS 0.00061
Exploits: 0, References: 1
CNVD
added 2026/03/17 12:0 a.m., 1 view

Adobe Commerce Path Traversal Vulnerability (CNVD-2026-16594)

Adobe Commerce is a globally leading, business- and brand-oriented digital commerce solution from the United States company Adobe. A path traversal vulnerability exists in Adobe Commerce that could be exploited by an attacker to access unauthorized files or directories outside of th...

CVSS 6.8, AI score 5.7, EPSS 0.00236
Exploits: 0
RedhatCVE
added 2026/03/06 7:55 a.m., 3 views

CVE-2025-69411

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal. This issue affects ionCube tester plus: from n/a through = 1.3...

CVSS 7.5, AI score 5.8, EPSS 0.06827
Exploits: 0, References: 1
NVD
added 2026/01/22 5:16 p.m., 2 views

CVE-2025-67963

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal. This issue affects Movie Booking: from n/a through = 1.1.5...

CVSS 8.6, EPSS 0.00024
Exploits: 0, References: 1
RedhatCVE
added 2025/12/10 7:22 p.m., 3 views

CVE-2025-11531

HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...

CVSS 4.8, AI score 7.1, EPSS 0.00094
Exploits: 0, References: 1
OSV
added 2025/11/20 3:17 p.m., 3 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

CVSS 5.3, AI score 5.7, EPSS 0.00044
Exploits: 0, References: 1
Vulnrichment
added 2025/11/20 12:19 p.m., 1 view

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

AI score 6.5, EPSS 0.00044
Exploits: 0, References: 1
Cvelist
added 2025/11/20 12:19 p.m., 6 views

CVE-2025-40605

A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...

EPSS 0.00044
Exploits: 0, References: 1
Positive Technologies
added 2025/11/19 12:0 a.m., 2 views

PT-2025-47568

Name of the Vulnerable Software and Affected Versions: Email Security appliance (affected versions not specified). Description: A Path Traversal issue exists in the Email Security appliance. This allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences, suc...

CVSS 5.3, AI score 6.9, EPSS 0.00044
Exploits: 0, References: 8
Redos
added 2025/10/06 12:0 a.m., 3 views

ROS-20251006-07

The vulnerability of the pamaccess component of the access.conf file of the Linux-PAM authentication module is related to the flaws in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and gain access t...

CVSS 7.8, AI score 7.2, EPSS 0.00567
Exploits: 0
BDU FSTEC
added 2025/08/04 12:0 a.m., 2 views

The vulnerability of the cloud integrated development environment (IDE) Atheos relates to an incorrect restriction on the path to the restricted access directory. This allows a perpetrator to execute arbitrary files on the server.

The vulnerability of the cloud integrated development environment (IDE) Atheos is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary files on the server remotely...

CVSS 9, AI score 5.8, EPSS 0.00603
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2025/07/04 12:0 a.m., 3 views

The vulnerability of Nokia’s Single Radio Access Network management platform lies in the improper limitation of the path name to the restricted access catalog. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Nokia Single RAN network management platform lies in the incorrect limitation of the path name when processing the PlanId parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected informati...

CVSS 6.5, AI score 5.5, EPSS 0.00132
Exploits: 0, References: 2
BDU FSTEC
added 2025/06/17 12:0 a.m., 1 view

The vulnerability of the Dell Storage Manager (DSM) cluster management software lies in the incorrect path name limitation for the restricted access directory, allowing a hacker to execute arbitrary code.

The vulnerability of the Dell Storage Manager (DSM) cluster management software is related to incorrect path name restrictions for access to restricted directories. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 3.5, AI score 5.9, EPSS 0.00078
Exploits: 0, References: 2
OSV
added 2025/04/22 4:15 p.m., 2 views

CVE-2025-23250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering...

CVSS 9.8, AI score 8, EPSS 0.00187
Exploits: 0, References: 1
BDU FSTEC
added 2025/03/03 12:0 a.m., 1 view

The vulnerability of the clpctlWrapper command in the server and CloudPanel management panel allows an attacker to increase their privileges.

The vulnerability of the clpctlWrapper command in the server and CloudPanel management panel is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability can allow attackers to increase their privileges...

CVSS 7.8, AI score 7.2, EPSS 0.00341
Exploits: 3, References: 5, Affected Software: 1
OSV
added 2024/12/13 1:18 p.m., 2 views

OESA-2024-2546 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: Inconsistent...

CVSS 5.3, AI score 6.9, EPSS 0.00395
Exploits: 0, References: 2
SUSE CVE
added 2024/11/29 3:48 a.m., 1 view

SUSE CVE-2024-53008

Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive...

CVSS 6.5, AI score 6.9, EPSS 0.00395
Exploits: 0, References: 6
BDU FSTEC
added 2024/11/26 12:0 a.m., 1 view

The vulnerability of the Microprogrammed Software for the Avigilon VideoIQ iCVR HD camera, related to incorrect restrictions on the path name to the restricted access directory, allows a violator to disclose protected information.

The vulnerability of the Microprogrammed Software of the Avigilon VideoIQ iCVR HD camera is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

CVSS 7.8, AI score 5.5, EPSS 0.00407
Exploits: 0, References: 4
BDU FSTEC
added 2024/11/13 12:0 a.m., 1 view

The vulnerability of the Buildah container management tool arises due to an incorrect path name limitation for the restricted access catalog. This allows a malicious user to elevate their privileges within the system.

The vulnerability of the Buildah container management tool exists due to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability can allow a malicious user to gain increased privileges within the system...

CVSS 4.4, AI score 7.2, EPSS 0.00139
Exploits: 0, References: 9, Affected Software: 7
BDU FSTEC
added 2024/11/08 12:0 a.m., 2 views

The vulnerability of the fs.mkdtemp() and fs.mkdtempSync() methods in the Node.js software platform allows a hacker to create arbitrary directories.

The vulnerability of the fs.mkdtemp and fs.mkdtempSync methods in the Node.js software platform is related to incorrect path name restrictions for restricted-access directories. Exploiting this vulnerability could allow an attacker to create arbitrary directories remotely...

CVSS 5.3, AI score 6.7, EPSS 0.00063
Exploits: 0, References: 11, Affected Software: 3