34 matches found
TencentOS Server 3: perl:5.32 (TSSA-2026:0325)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0325 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...
PT-2026-7578
A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...
EulerOS Virtualization 2.10.0 : perl (EulerOS-SA-2026-1189)
According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open...
Astra Linux – Vulnerability in Perl
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...
CVE-2025-54755
CVE-2025-54755 : A directory traversal vulnerability in BIG-IP Configuration utility (TMUI) allows a highly privileged authenticated attacker to access files beyond the intended directories. Affected products include BIG-IP TMUI/Configuration utility (BIG-IP Next branches listed); impact is uncon...
EUVD-2019-1154
Malware in sbrugna...
EUVD-2025-19730
Malicious code in bioql PyPI...
EUVD-2025-19727
Malicious code in bioql PyPI...
Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)
Summary Vulnerability in Perl could allow a local attacker to load code or access files from unexpected locations CVE-2025-40909. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-40909 DESCRIPTION: Perl threads have a working directory race condition wher...
EulerOS 2.0 SP12 : perl (EulerOS-SA-2025-2051)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths.If a directory handle is open at thread...
EulerOS 2.0 SP11 : perl (EulerOS-SA-2025-1964)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...
CVE-2025-53109
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...
CVE-2025-53110
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 o...
Symbolic Link Traversal
@modelcontextprotocol/server-filesystem is vulnerable to Symbolic Link Traversal. The vulnerability is due to insufficient validation of symbolic links within allowed directories, which allows an attacker to access unintended files by leveraging symlinks to bypass directory restrictions...
CVE-2025-53109
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...
CVE-2025-53109 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 0.6.4 or 2025.7.01...
CVE-2025-53110 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 o...
CVE-2025-53110 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 o...
CVE-2025-53110 Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. Versions of Filesystem prior to 0.6.4 or 2025.7.01 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 0.6.4 o...