SUSE-SU-2026:1659-1 Security update for sed
This update for sed fixes the following issues: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...
SUSE-SU-2026:21448-1 Security update for sed
This update for sed fixes the following issue: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...
LORIS Neuroimaging Platform Security Vulnerability
LORIS Neuroimaging Platform is a neuroimaging platform open-sourced by ACElab. Versions of LORIS Neuroimaging Platform prior to 27.0.3 and 28.0.1 contained security vulnerabilities. These vulnerabilities were caused by path traversal in static file routers, which could lead to the download of...
Rack::Static prefix matching can expose unintended files under the static root
Summary Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...
Improper Input Validation
activestorage is vulnerable to Improper Input Validation. The vulnerability is due to the unescaped use of blob keys in Dir.glob within DiskService#delete_prefixed, which allows an attacker to inject glob metacharacters and delete unintended files from the storage directory...
CVE-2025-59031
Summary of CVE-2025-59031 (Dovecot) : A script provided by Dovecot for text conversion mishandles zip-style attachments. This can allow an attacker to craft OOXML documents that cause unintended files to be indexed and end up in full-text search (FTS) indexes. The underlying impact is limited to ...
CVE-2025-59031
Dovecot has provided a script to use for attachment-to-text conversion. This script unsafely handles zip-style attachments. An attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed, which subsequently end up in FTS indexes. Do not use the provided...
CVE-2025-60946
CVE-2025-60946 affects Census CSWeb. In CSWeb 8.0.1, an arbitrary file path input vulnerability enables path traversal, potentially exposing sensitive directories to a remote, authenticated attacker. Impact is described as high for confidentiality, integrity, and availability in the CVSS metrics....
CVE-2026-26064
A flaw was found in calibre. This vulnerability, known as a path traversal, allows an attacker to write files to unintended locations on a user's system. This occurs because a function responsible for extracting pictures does not properly handle special characters in file paths...
FreeBSD : Forgejo -- Symbolic Link (Symlink) Following (963f4e9d-e4d5-11f0-984f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 963f4e9d-e4d5-11f0-984f-b42e991fc52e advisory. https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports:...
EUVD-2025-34622
A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files beyond the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
EUVD-2020-5157
Malware in sbrugna...
EUVD-2023-32067
Malicious code in bioql PyPI...
EulerOS 2.0 SP11 : perl (EulerOS-SA-2025-1938)
According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread...
perl: Perl threads have a working directory race condition where file operations may target unintended paths
A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...
Relative Path Traversal
Apache Commons VFS is vulnerable to Relative Path Traversal. The vulnerability is due to improper validation in the resolveFile method, which allows encoded ".." sequences to bypass descendant path restrictions and access unintended files...
UBUNTU-CVE-2023-28371
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal...
CVE-2022-39196
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this, stating that it cannot be reproduced...
PT-2022-24797 · Blackboard · Blackboard Learn
Name of the Vulnerable Software and Affected Versions: Blackboard Learn version 1.10.1 Description: The issue allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain "webapps/bbcms/execute/" URL. The vendor disputes this,...