CVE-2026-44440 ERPNext: Path Traversal Leading to Sensitive File Exposure
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0, an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability on an endpoint allows an authenticated adjacent attacker to read arbitrary files. This vulnerability is...
CVE-2026-35345
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal through improper validation of URL-encoded traversal sequences in the backend process. An attacker can delete critical configuration directories by supplying specially crafted paths. Details: A Directory Traversal...
Path Traversal
mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the git_add tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...
EUVD-2019-19361
Malware in sbrugna...
EUVD-2009-4326
Malware in sbrugna...
EUVD-2020-29482
Malware in sbrugna...
EUVD-2021-19414
Malware in sbrugna...
EUVD-2000-0233
Malware in sbrugna...
EUVD-2025-21750
Malicious code in bioql PyPI...
EUVD-2025-0139
Malicious code in bioql PyPI...
EUVD-2025-15442
Malicious code in bioql PyPI...
EUVD-2022-34391
Malicious code in bioql PyPI...
EUVD-2022-3935
Malicious code in bioql PyPI...
EUVD-2024-1230
Malicious code in bioql PyPI...
vxscan
VXScan+ VXScan+ is an advanced Python-based web vulnerabili...
CVE-2025-54254
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope i...
CVE-2025-50185
CVE-2025-50185 (DbGate) affects DbGate ≤ 6.6.0. Affected component: the dbgate-plugin-csv reader function, which does not validate file paths/types before reading files. This enables unauthorized access to arbitrary system files (e.g., /etc/shadow) by a user with application-level access, via the...
CVE-2018-25113
Dicoogle PACS Web Server (version 2.5.0 and earlier) is affected by an unauthenticated path traversal flaw. A crafted request to the /exportFile endpoint using the UID parameter can cause the server to read arbitrary files on the underlying system, exposing sensitive data accessible to the web se...
CVE-2025-53097
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's search_files tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent coul...