47 matches found
CVE-2026-49342
YARD (Ruby) prior to 0.9.44 is affected: its static cache lookup reads the request path before router path cleanup, allowing a traversal like /../yard-cache-secret.html to be joined with a document root and retrieve a sibling .html outside the intended static tree. The issue is addressed in versi...
CVE-2026-48855 SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in sshsftpd sends the raw result of file:readlink/2 to the client without calling chrootfilename/2 to strip the backend root prefix. An...
SUSE-SU-2026:1964-1 Security update for rmt-server
This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...
PT-2026-29915
Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...
Rack::Static prefix matching can expose unintended files under the static root
Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...
BuildKit 后置链接漏洞
BuildKit is a concurrent, cache-efficient build tool package developed by Moby. Versions of BuildKit prior to 0.28.1 contained a post-link vulnerability. This vulnerability stemmed from insufficient validation of Git URL fragment sub-directory components, which could allow access to files outside...
AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL
Summary The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing an invalid resolution parameter, an attacker triggers an early die via...
CVE-2026-29098 SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...
GHSA-Q5QW-H33P-QVWR Hono vulnerable to arbitrary file access via serveStatic vulnerability
Summary When using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowe...
Rack has a Directory Traversal via Rack:Directory
Summary Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details In directory.rb,...
CVE-2016-15056
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
EUVD-2016-10800
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
CVE-2016-15056 Ubee EVW3226 Unauthenticated Backup File Disclosure
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can reque...
Ubee EVW3226 安全漏洞
The Ubee EVW3226 is a WiFi router from Ubee Corporation of Taiwan, China. A security vulnerability exists in the Ubee EVW3226 version 1.0.20 and earlier, which stems from a configuration backup file being stored in the web root directory and unencrypted, which could lead to the disclosure of...
CVAT.ai CVAT 路径遍历漏洞
CVAT.ai CVAT is an open source data processing tool from CVAT.ai. A path traversal vulnerability exists in CVAT.ai CVAT versions 2.4.0 through 2.48.1, which originates from a malicious user being able to create or overwrite files in the root directory of a mounted file share, potentially leading ...
EUVD-2005-0230
Malware in sbrugna...
EUVD-2010-0036
Malware in sbrugna...
EUVD-2004-0050
Malware in sbrugna...
CVE-2021-4459 SMA: Directory Traversal in Sunny Boy <3.10.27.R
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices...