Lucene search
K

669 matches found

EUVD
EUVD
added 2026/03/13 9:11 a.m.3 views

EUVD-2026-11778

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References5
OSV
OSV
added 2026/03/13 9:11 a.m.8 views

EEF-CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References6
OSV
OSV
added 2026/03/13 9:11 a.m.5 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS6.7AI score0.00363EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/03/13 9:11 a.m.3 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS7.3AI score0.00363EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25164

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh sftpd module...

5.5CVSS7.2AI score0.00363EPSS
Exploits0References58
AlpineLinux
AlpineLinux
added 2026/03/06 9:28 p.m.4 views

CVE-2026-27139

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS5.9AI score0.00201EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/06 9:28 p.m.21 views

CVE-2026-27139 FileInfo can escape from a Root in os

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/05 9:59 p.m.7 views

EUVD-2026-9905

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...

5.6CVSS5.9AI score0.00134EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a path traversal vulnerability that stems from the sandbox skill image failing to properly filter special elements in the path of a resource or file, which can be exploited by an attacker to cause a file t...

7.9CVSS5.8AI score0.00134EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/02 9:55 p.m.4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the writeFileWithinRoot function. An attacker can create or truncate files outside the intended root directory by exploiting a race...

8.7CVSS6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-23084

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not...

5.6CVSS6.4AI score0.01404EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.8 views

MajorDoMo 安全漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the saverestore module, which exposes its admin method through the /objects/?module=saverestore endpoint without...

9.8CVSS6.2AI score0.01086EPSS
Exploits4References3
Snyk
Snyk
added 2026/02/17 4:14 p.m.4 views

Exposure of Information Through Directory Listing

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS5.7AI score0.00665EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/02/17 12:55 a.m.19 views

ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS

A vulnerability in Ceph was discovered whereby an unprivileged user could change the permissions of a directory owned by the root user, gaining access to the targeted directory. The non-privileged user can escalate privileges to root in a CephFS mounted with ceph-fuse by applying chmod 777 read,...

6.5CVSS5.9AI score0.00166EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/02/09 6:21 a.m.5 views

Oki Electric Industry products and OEM products register Windows services with unquoted file paths

Overview Configuration Tool provided by Oki Electric Industry Co., Ltd., Ricoh Co., Ltd., and Murata Machinery, Ltd. contain the following vulnerability. Unquoted search path or element CWE-428 - CVE-2026-24466 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IP...

8.4CVSS6AI score0.00137EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/04 11:5 p.m.18 views

CVE-2025-22873 Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/02/04 10:42 p.m.9 views

GO-2026-4403 Improper access to parent directory of root in os

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

3.8CVSS5.4AI score0.00238EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.6 views

CVE-2025-69430

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...

6.1CVSS5.5AI score0.00281EPSS
Exploits1References1
OSV
OSV
added 2026/02/03 6:16 p.m.3 views

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

6.1CVSS5.8AI score0.00281EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.10 views

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

6.1CVSS0.00281EPSS
Exploits1References1
Rows per page
Query Builder