Lucene search
K

6 matches found

NVD
NVD
added 7 hours ago4 views

CVE-2026-14967

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS
Exploits0References1
CVE
CVE
added 8 hours ago5 views

CVE-2026-14967

BBOT’s github_workflows module has a path-traversal vulnerability: the path-containment check fails to resolve ‘..’, allowing a crafted CODE_REPOSITORY URL to traverse out of the configured output directory. The write is bounded to two directory levels above the output location and the target is ...

3.1CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 8 hours ago6 views

CVE-2026-14967 Path traversal in github_workflows allows writing artifacts outside output directory

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37013

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-41714 Description: The upload endpoint does not adequately validate the Upload-Key request header. An authenticated attacker can use path traversal sequences within the header to create files outside the intended storag...

8.8CVSS7.4AI score0.00624EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-37866

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...

6.3CVSS8.9AI score0.01596EPSS
Exploits0References7
OSV
OSV
added 2021/03/23 9:15 p.m.5 views

CVE-2021-28820

The FTL Server tibftlserver, FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker...

7.8CVSS7.2AI score0.00251EPSS
Exploits0References1
Rows per page
Query Builder