Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...

CVE-2026-39364 Vite has a `server.fs.deny` bypass with queries

Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny e.g., .env, .crt can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...

Incorrect Behavior Order: Validate Before Canonicalize

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize through the server.fs.deny component. An attacker can access sensitive files by appending specific query parameters such as ?raw,...

CVE-2026-0847

A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling...

CVE-2021-47899 YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

GHSA-R2H2-G46H-8MX8 pretix has Broken Access Control Allowing Cross-User File Access via UUID

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

EUVD-2020-26954

Malware in sbrugna...

EUVD-2018-11064

Malware in sbrugna...

EUVD-2018-0503

Malware in sbrugna...

EUVD-2017-15762

Malware in sbrugna...

EUVD-2024-47445

Malicious code in bioql PyPI...

EUVD-2023-55849

Malicious code in bioql PyPI...

EUVD-2023-34924

Malicious code in bioql PyPI...

EUVD-2025-27837

Malicious code in bioql PyPI...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the validLogFileName and validExecOutputFileName functions, which insufficiently validate log file names, allowing traversal sequences after certain prefixes. An attacker can access sensitive files on the host...

PT-2025-31976

Name of the Vulnerable Software and Affected Versions XBMC versions prior to the 2012-11-04 nightly release XBMC version 11 Description XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HT...

CVE-2013-10063

A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions = 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...

CVE-2025-53079

Absolute Path Traversal in Samsung DMSData Management Server allows authenticated attacker Administrator to read sensitive files...

SAMSUNG DMS 安全漏洞

SAMSUNG DMS is a data management server from Samsung South Korea. A security vulnerability exists in SAMSUNG DMS that originates from absolute path traversal, which could lead to the reading of sensitive files...