Lucene search
+L

676 matches found

osv
osv
added 2026/03/13 7:54 p.m.2 views

DEBIAN-CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS7.3AI score0.00363EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/03/13 7:54 p.m.4 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS5.8AI score0.00363EPSS
Exploits0References6
osv
osv
added 2026/03/13 7:54 p.m.7 views

UBUNTU-CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS5.8AI score0.00363EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/03/13 9:11 a.m.3 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/03/13 9:11 a.m.4 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References6Affected Software1
euvd
euvd
added 2026/03/13 9:11 a.m.3 views

EUVD-2026-11778

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References5
cvelist
cvelist
added 2026/03/13 9:11 a.m.27 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS0.00363EPSS
Exploits0References7
osv
osv
added 2026/03/13 9:11 a.m.9 views

EEF-CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh\sftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh\sftpd.erl and program routines ssh\sftpd:is\within\root/2. The SFTP server...

5.3CVSS6.7AI score0.00363EPSS
Exploits0References6
osv
osv
added 2026/03/13 9:11 a.m.7 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS6.7AI score0.00363EPSS
Exploits0References11
debiancve
debiancve
added 2026/03/13 9:11 a.m.5 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS7.3AI score0.00363EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/03/13 12:0 a.m.14 views

PT-2026-25164

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh sftpd module...

5.5CVSS7.2AI score0.00363EPSS
Exploits0References58
alpinelinux
alpinelinux
added 2026/03/06 9:28 p.m.4 views

CVE-2026-27139

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

2.5CVSS5.9AI score0.00201EPSS
Exploits0
cvelist
cvelist
added 2026/03/06 9:28 p.m.24 views

CVE-2026-27139 FileInfo can escape from a Root in os

On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...

0.00201EPSS
Exploits0References4
euvd
euvd
added 2026/03/05 9:59 p.m.7 views

EUVD-2026-9905

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...

5.6CVSS5.9AI score0.00134EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/05 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a path traversal vulnerability that stems from the sandbox skill image failing to properly filter special elements in the path of a resource or file, which can be exploited by an attacker to cause a file t...

7.9CVSS5.8AI score0.00134EPSS
Exploits0References3
snyk
snyk
added 2026/03/02 9:55 p.m.5 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the writeFileWithinRoot function. An attacker can create or truncate files outside the intended root directory by exploiting a race...

8.7CVSS6AI score
Exploits0References3
nessus
nessus
added 2026/03/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-23084

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not...

5.6CVSS6.4AI score0.01404EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/02/18 12:0 a.m.8 views

MajorDoMo 安全漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the saverestore module, which exposes its admin method through the /objects/?module=saverestore endpoint without...

9.8CVSS6.2AI score0.01086EPSS
Exploits4References3
snyk
snyk
added 2026/02/17 4:14 p.m.4 views

Exposure of Information Through Directory Listing

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

7.5CVSS5.7AI score0.00665EPSS
Exploits1References2
redhat
redhat
added 2026/02/17 12:55 a.m.21 views

ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS

A vulnerability in Ceph was discovered whereby an unprivileged user could change the permissions of a directory owned by the root user, gaining access to the targeted directory. The non-privileged user can escalate privileges to root in a CephFS mounted with ceph-fuse by applying chmod 777 read,...

6.5CVSS5.9AI score0.00166EPSS
Exploits0References6
Rows per page
Query Builder